CVE-2025-40160
Awaiting Analysis Awaiting Analysis - Queue

BaseFortify

Vulnerability report for CVE-2025-40160, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propogate the error upwards. Some VIRQs are per-cpu, but others are per-domain or global. Those must be bound to CPU0 and can then migrate elsewhere. The lookup for per-domain and global will probably fail when migrated off CPU 0, especially when the current CPU is tracked. This now returns -EEXIST instead of BUG_ON(). A second call to bind a per-domain or global VIRQ is not expected, but make it non-fatal to avoid trying to look up the irq, since we don't know which per_cpu(virq_to_irq) it will be in.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-07-06
AI Q&A
2025-11-13
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's handling of virtual interrupts (VIRQs) in the xen/events subsystem. Specifically, the function find_virq() was changed to return an error code (-EEXIST) when a VIRQ is bound to a different CPU than the one requested, instead of causing a fatal error (BUG_ON()). Some VIRQs are per-CPU, while others are per-domain or global and must initially be bound to CPU0 but can migrate later. Previously, attempts to bind a per-domain or global VIRQ a second time could cause a fatal error due to lookup failures when migrated off CPU0. The fix makes this non-fatal by returning -EEXIST, preventing crashes and improving error propagation.

Impact Analysis

This vulnerability could cause the Linux kernel to crash or behave unexpectedly when handling certain virtual interrupts that migrate between CPUs, due to fatal errors triggered by improper binding checks. This could lead to system instability or denial of service in environments using the affected xen/events subsystem. The fix prevents these fatal errors by properly handling the binding of VIRQs, improving system stability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40160. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart