{"id":"CVE-2025-21779","summary":"KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel\n\nAdvertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don't rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n  dump_stack+0xbe/0xfd\n  __kasan_report.cold+0x34/0x84\n  kasan_report+0x3a/0x50\n  __apic_accept_irq+0x3a/0x5c0\n  kvm_hv_send_ipi.isra.0+0x34e/0x820\n  kvm_hv_hypercall+0x8d9/0x9d0\n  kvm_emulate_hypercall+0x506/0x7e0\n  __vmx_handle_exit+0x283/0xb60\n  vmx_handle_exit+0x1d/0xd0\n  vcpu_enter_guest+0x16b0/0x24c0\n  vcpu_run+0xc0/0x550\n  kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n  kvm_vcpu_ioctl+0x413/0xb20\n  __se_sys_ioctl+0x111/0x160\n  do_syscal1_64+0x30/0x40\n  entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan't be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC.","modified":"2026-04-02T12:45:13.218513Z","published":"2025-02-27T02:18:23.001Z","related":["SUSE-SU-2025:01600-1","SUSE-SU-2025:01919-1","SUSE-SU-2025:1177-1","SUSE-SU-2025:1178-1","SUSE-SU-2025:1180-1","SUSE-SU-2025:20190-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20260-1","SUSE-SU-2025:20270-1","USN-7521-2"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21779.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/45fa526b0f5a34492ed0536c3cdf88b78380e4de"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5393cf22312418262679eaadb130d608c75fe690"},{"type":"WEB","url":"https://git.kernel.org/stable/c/61224533f2b61e252b03e214195d27d64b22989a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/874ff13c73c45ecb38cb82191e8c1d523f0dc81b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a8de7f100bb5989d9c3627d3a223ee1c863f3b69"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aca8be4403fb90db7adaf63830e27ebe787a76e8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ca29f58ca374c40a0e69c5306fc5c940a0069074"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21779.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21779"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"214ff83d4473a7757fa18a64dc7efe3b0e158486"},{"fixed":"61224533f2b61e252b03e214195d27d64b22989a"},{"fixed":"45fa526b0f5a34492ed0536c3cdf88b78380e4de"},{"fixed":"5393cf22312418262679eaadb130d608c75fe690"},{"fixed":"874ff13c73c45ecb38cb82191e8c1d523f0dc81b"},{"fixed":"aca8be4403fb90db7adaf63830e27ebe787a76e8"},{"fixed":"ca29f58ca374c40a0e69c5306fc5c940a0069074"},{"fixed":"a8de7f100bb5989d9c3627d3a223ee1c863f3b69"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21779.json"}}],"schema_version":"1.7.5"}