CVE & CISA-KEV Catalog

CVE-2025-40184

UNSCORED

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIG_NVHE_EL2_DEBUG then the debug checking in assert_host_shared_guest() fails on the launch of an np-guest. This WARN_ON() causes a panic and generates the stack below. In __pkvm_host_relax_perms_guest() the debug checking assumes the mapping is a single page but it may be a block map. Update the checking so that the size is not checked and just assumes the correct size. While we're here make the same fix in __pkvm_host_mkyoung_guest(). Info: # lkvm run -k /share/arch/arm64/boot/Image -m 704 -c 8 --name guest-128 Info: Removed ghost socket file "/.lkvm//guest-128.sock". [ 1406.521757] kvm [141]: nVHE hyp BUG at: arch/arm64/kvm/hyp/nvhe/mem_protect.c:1088! [ 1406.521804] kvm [141]: nVHE call trace: [ 1406.521828] kvm [141]: [<ffff8000811676b4>] __kvm_nvhe_hyp_panic+0xb4/0xe8 [ 1406.521946] kvm [141]: [<ffff80008116d12c>] __kvm_nvhe_assert_host_shared_guest+0xb0/0x10c [ 1406.522049] kvm [141]: [<ffff80008116f068>] __kvm_nvhe___pkvm_host_relax_perms_guest+0x48/0x104 [ 1406.522157] kvm [141]: [<ffff800081169df8>] __kvm_nvhe_handle___pkvm_host_relax_perms_guest+0x64/0x7c [ 1406.522250] kvm [141]: [<ffff800081169f0c>] __kvm_nvhe_handle_trap+0x8c/0x1a8 [ 1406.522333] kvm [141]: [<ffff8000811680fc>] __kvm_nvhe___skip_pauth_save+0x4/0x4 [ 1406.522454] kvm [141]: ---[ end nVHE call trace ]--- [ 1406.522477] kvm [141]: Hyp Offset: 0xfffece8013600000 [ 1406.522554] Kernel panic - not syncing: HYP panic: [ 1406.522554] PS:834003c9 PC:0000b1806db6d170 ESR:00000000f2000800 [ 1406.522554] FAR:ffff8000804be420 HPFAR:0000000000804be0 PAR:0000000000000000 [ 1406.522554] VCPU:0000000000000000 [ 1406.523337] CPU: 3 UID: 0 PID: 141 Comm: kvm-vcpu-0 Not tainted 6.16.0-rc7 #97 PREEMPT [ 1406.523485] Hardware name: FVP Base RevC (DT) [ 1406.523566] Call trace: [ 1406.523629] show_stack+0x18/0x24 (C) [ 1406.523753] dump_stack_lvl+0xd4/0x108 [ 1406.523899] dump_stack+0x18/0x24 [ 1406.524040] panic+0x3d8/0x448 [ 1406.524184] nvhe_hyp_panic_handler+0x10c/0x23c [ 1406.524325] kvm_handle_guest_abort+0x68c/0x109c [ 1406.524500] handle_exit+0x60/0x17c [ 1406.524630] kvm_arch_vcpu_ioctl_run+0x2e0/0x8c0 [ 1406.524794] kvm_vcpu_ioctl+0x1a8/0x9cc [ 1406.524919] __arm64_sys_ioctl+0xac/0x104 [ 1406.525067] invoke_syscall+0x48/0x10c [ 1406.525189] el0_svc_common.constprop.0+0x40/0xe0 [ 1406.525322] do_el0_svc+0x1c/0x28 [ 1406.525441] el0_svc+0x38/0x120 [ 1406.525588] el0t_64_sync_handler+0x10c/0x138 [ 1406.525750] el0t_64_sync+0x1ac/0x1b0 [ 1406.525876] SMP: stopping secondary CPUs [ 1406.525965] Kernel Offset: disabled [ 1406.526032] CPU features: 0x0000,00000080,8e134ca1,9446773f [ 1406.526130] Memory Limit: none [ 1406.959099] ---[ end Kernel panic - not syncing: HYP panic: [ 1406.959099] PS:834003c9 PC:0000b1806db6d170 ESR:00000000f2000800 [ 1406.959099] FAR:ffff8000804be420 HPFAR:0000000000804be0 PAR:0000000000000000 [ 1406.959099] VCPU:0000000000000000 ]

How to fix

Remediation Available
linuxDebian
Fixed in:6.17.6-1CVE-2025-40184
linuxUbuntu
Fixed in:6.17.0-14.14USN-8029-1
linux-awsUbuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-azureUbuntu
Fixed in:6.17.0-1008.8USN-8029-3
linux-gcpUbuntu
Fixed in:6.17.0-1007.7USN-8030-1
linux-image-6.17.0-1006-realtimeUbuntu
Fixed in:6.17.0-1006.7USN-8029-1
linux-image-6.17.0-1007-awsUbuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-image-6.17.0-1007-aws-64kUbuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-image-6.17.0-1007-gcpUbuntu
Fixed in:6.17.0-1007.7USN-8030-1
linux-image-6.17.0-1007-gcp-64kUbuntu
Fixed in:6.17.0-1007.7USN-8030-1
linux-image-6.17.0-1007-oracleUbuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-image-6.17.0-1007-oracle-64kUbuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-image-6.17.0-1008-azureUbuntu
Fixed in:6.17.0-1008.8USN-8029-3
linux-image-6.17.0-1008-raspiUbuntu
Fixed in:6.17.0-1008.8USN-8029-1
linux-image-6.17.0-1011-oemUbuntu
Fixed in:6.17.0-1011.11USN-8048-1
linux-image-6.17.0-14-genericUbuntu
Fixed in:6.17.0-14.14USN-8029-1
linux-image-6.17.0-14-generic-64kUbuntu
Fixed in:6.17.0-14.14USN-8029-1
linux-image-awsUbuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-image-aws-6.17Ubuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-image-aws-64kUbuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-image-aws-64k-6.17Ubuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-image-azureUbuntu
Fixed in:6.17.0-1008.8USN-8029-3
linux-image-azure-6.17Ubuntu
Fixed in:6.17.0-1008.8USN-8029-3
linux-image-gcpUbuntu
Fixed in:6.17.0-1007.7USN-8030-1
linux-image-gcp-6.17Ubuntu
Fixed in:6.17.0-1007.7USN-8030-1
linux-image-gcp-64kUbuntu
Fixed in:6.17.0-1007.7USN-8030-1
linux-image-gcp-64k-6.17Ubuntu
Fixed in:6.17.0-1007.7USN-8030-1
linux-image-genericUbuntu
Fixed in:6.17.0-14.14USN-8029-1
linux-image-generic-6.17Ubuntu
Fixed in:6.17.0-14.14USN-8029-1
linux-image-generic-64kUbuntu
Fixed in:6.17.0-14.14USN-8029-1
linux-image-generic-64k-6.17Ubuntu
Fixed in:6.17.0-14.14USN-8029-1
linux-image-oem-6.17Ubuntu
Fixed in:6.17.0-1011.11USN-8048-1
linux-image-oracleUbuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-image-oracle-6.17Ubuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-image-oracle-64kUbuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-image-oracle-64k-6.17Ubuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-image-raspiUbuntu
Fixed in:6.17.0-1008.8USN-8029-1
linux-image-raspi-6.17Ubuntu
Fixed in:6.17.0-1008.8USN-8029-1
linux-image-realtimeUbuntu
Fixed in:6.17.0-1006.7USN-8029-1
linux-image-realtime-6.17Ubuntu
Fixed in:6.17.0-1006.7USN-8029-1
linux-image-virtualUbuntu
Fixed in:6.17.0-14.14USN-8029-1
linux-image-virtual-6.17Ubuntu
Fixed in:6.17.0-14.14USN-8029-1
linux-oem-6.17Ubuntu
Fixed in:6.17.0-1011.11USN-8048-1
linux-oracleUbuntu
Fixed in:6.17.0-1007.7USN-8029-2
linux-raspiUbuntu
Fixed in:6.17.0-1008.8USN-8029-1
linux-realtimeUbuntu
Fixed in:6.17.0-1006.7USN-8029-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3.1 Vector

No CVSS vector data available.

Exploit Intelligence

0.17%probability of exploitation in 30 days
6thpercentile

Low risk: more likely to be exploited than 6% of all known CVEs.

References

Embed a live status badge for CVE-2025-40184
CVE-2025-40184 severity badge

Markdown

[![CVE-2025-40184](https://tridentstack.com/cve/badge/CVE-2025-40184.svg)](https://tridentstack.com/cve/CVE-2025-40184)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-40184"><img src="https://tridentstack.com/cve/badge/CVE-2025-40184.svg" alt="CVE-2025-40184"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-11-14.