CVE-2025-40136
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-12
Assigner: kernel.org
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's handling of interrupts for the hisilicon/qm crypto driver. Specifically, the device interrupt vector 3 is designated as an error interrupt for the physical function and a reserved interrupt for the virtual function. However, the driver did not register this reserved interrupt for the virtual function. Since interrupt allocation is done based on powers of two and includes this interrupt, when the system enables GICv4 and uses virtual function passthrough to a virtual machine, releasing the interrupt in the driver triggers a warning. The fix involves registering the reserved interrupt for the virtual function and setting the IRQF_NO_AUTOEN flag to prevent this warning.
How can this vulnerability impact me?
This vulnerability can cause warnings in the system logs when the driver releases the interrupt, which may indicate improper interrupt handling. While the description does not explicitly mention system crashes or security breaches, such warnings could lead to instability or degraded performance in environments using virtual function passthrough with GICv4. It may affect the reliability of virtualized environments relying on this driver.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring system logs for the specific warning message triggered by the issue. Look for the warning: "WARNING: CPU: <cpu_id> PID: <pid> at arch/arm64/kvm/vgic/vgic-its.c:852 its_free_ite+0x94/0xb4" in the kernel logs. You can use commands like `dmesg | grep WARNING` or `journalctl -k | grep WARNING` to find this warning on your system.
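A narrower match than `grep WARNING` for the warning quoted above, as an added example that is not part of the original page: it keys on the source file and function name and accepts any line number and offsets, on the assumption that those differ between kernel builds. The function names and the sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the advisory). Function names are hypothetical.
# Matches the its_free_ite warning quoted in the CVE-2025-40136 description.
# Assumption: the ":852" line number and "+0x94/0xb4" offsets differ between
# kernel builds, so the pattern accepts any digits/hex in those positions.
ITS_WARN_RE='WARNING: CPU: ([0-9]+) PID: ([0-9]+) at arch/arm64/kvm/vgic/vgic-its\.c:[0-9]+ its_free_ite\+0x[0-9a-f]+/0x[0-9a-f]+'

# Count matching warnings in kernel log text on stdin (prints 0 if none).
count_its_warnings() {
    grep -cE "$ITS_WARN_RE" || true
}

# Print "cpu=<n> pid=<n>" for each matching warning on stdin.
list_its_warnings() {
    sed -nE "s#.*${ITS_WARN_RE}.*#cpu=\1 pid=\2#p"
}

# Constructed sample log: two its_free_ite warnings and one unrelated warning
# that a plain `grep WARNING` would also report.
sample_log() {
    cat <<'EOF'
[ 4211.102938] WARNING: CPU: 12 PID: 3471 at arch/arm64/kvm/vgic/vgic-its.c:852 its_free_ite+0x94/0xb4
[ 4211.102951] CPU: 12 PID: 3471 Comm: qemu-kvm Not tainted
[ 5000.000001] WARNING: CPU: 3 PID: 88 at kernel/example.c:100 example_func+0x10/0x20
[ 9033.551200] WARNING: CPU: 0 PID: 5120 at arch/arm64/kvm/vgic/vgic-its.c:861 its_free_ite+0x98/0xb8
EOF
}

echo "its_free_ite warnings in sample: $(sample_log | count_its_warnings)"
sample_log | list_its_warnings

# On a live host, feed the kernel log instead of the sample:
#   dmesg | list_its_warnings
#   journalctl -k --no-pager | count_its_warnings
```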
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the issue is resolved. The fix involves registering the reserved interrupt for the virtual function and setting the IRQF_NO_AUTOEN flag to avoid the warning. Until the update is applied, monitor for the warning messages and avoid enabling GICv4 with virtual function passthrough if possible.