CVE ID : CVE-2025-40026<\/p>\n
Published : 28. Oktober 2025 10:15 | 29\u00a0Minuten ago<\/p>\n
Description : In the Linux kernel, the following vulnerability has been resolved:<\/p>\n
KVM: x86: Don’t (re)check L1 intercepts when completing userspace I\/O<\/p>\n
When completing emulation of instruction that generated a userspace exit
\nfor I\/O, don’t recheck L1 intercepts as KVM has already finished that
\nphase of instruction execution, i.e. has already committed to allowing L2
\nto perform I\/O. If L1 (or host userspace) modifies the I\/O permission
\nbitmaps during the exit to userspace, KVM will treat the access as being
\nintercepted despite already having emulated the I\/O access.<\/p>\n
Pivot on EMULTYPE_NO_DECODE to detect that KVM is completing emulation.
\nOf the three users of EMULTYPE_NO_DECODE, only complete_emulated_io() (the
\nintended “recipient”) can reach the code in question. gp_interception()’s
\nuse is mutually exclusive with is_guest_mode(), and
\ncomplete_emulated_insn_gp() unconditionally pairs EMULTYPE_NO_DECODE with
\nEMULTYPE_SKIP.<\/p>\n
The bad behavior was detected by a syzkaller program that toggles port I\/O
\ninterception during the userspace I\/O exit, ultimately resulting in a WARN
\non vcpu->arch.pio.count being non-zero due to KVM no completing emulation
\nof the I\/O instruction.<\/p>\n
WARNING: CPU: 23 PID: 1083 at arch\/x86\/kvm\/x86.c:8039 emulator_pio_in_out+0x154\/0x170 [kvm]\n Modules linked in: kvm_intel kvm irqbypass
\n CPU: 23 UID: 1000 PID: 1083 Comm: repro Not tainted 6.16.0-rc5-c1610d2d66b1-next-vm #74 NONE
\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02\/06\/2015
\n RIP: 0010:emulator_pio_in_out+0x154\/0x170 [kvm]\n PKRU: 55555554
\n Call Trace:<\/p>\n
kvm_fast_pio+0xd6\/0x1d0 [kvm]\n vmx_handle_exit+0x149\/0x610 [kvm_intel]\n kvm_arch_vcpu_ioctl_run+0xda8\/0x1ac0 [kvm]\n kvm_vcpu_ioctl+0x244\/0x8c0 [kvm]\n __x64_sys_ioctl+0x8a\/0xd0
\n do_syscall_64+0x5d\/0xc60
\n entry_SYSCALL_64_after_hwframe+0x4b\/0x53<\/p>\n
Severity: 0.0 | NA<\/p>\n
Visit the link for more details, such as CVSS details, affected products, timeline, and more…\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"
CVE ID : CVE-2025-40026 Published : 28. Oktober 2025 10:15 | 29\u00a0Minuten ago Description : In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don’t (re)check L1 intercepts when completing userspace I\/O When completing emulation of instruction that generated a userspace exit for I\/O, don’t recheck L1 intercepts as KVM has already …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-72504","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/72504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=72504"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/72504\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=72504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=72504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=72504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}