CVE-2025-37996: KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()

Commit fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM") made the
initialization of the local memcache variable in user_mem_abort()
conditional, leaving a codepath where it is used uninitialized via
kvm_pgtable_stage2_map().

This can fail on any path that requires a stage-2 allocation
without transition via a permission fault or dirty logging.

Fix this by making sure that memcache is always valid.

Classification

CVE ID: CVE-2025-37996

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.92% (scored less or equal to compared to others)

EPSS Date: 2025-06-09 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37996
https://git.kernel.org/stable/c/a26d50f8a4a5049e956984797b5d0dedea4bbb18
https://git.kernel.org/stable/c/157dbc4a321f5bb6f8b6c724d12ba720a90f1a7c

Timeline

2025-05-29 14:40:21 UTC
CVE

KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()