CVE-2025-21779

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
27/02/2025
Last modified:
10/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel

Advertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and only if the local APIC is emulated/virtualized by KVM, and explicitly reject said hypercalls if the local APIC is emulated in userspace, i.e. don't rely on userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.

Rejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if Hyper-V enlightenments are exposed to the guest without an in-kernel local APIC:

  dump_stack+0xbe/0xfd
  __kasan_report.cold+0x34/0x84
  kasan_report+0x3a/0x50
  __apic_accept_irq+0x3a/0x5c0
  kvm_hv_send_ipi.isra.0+0x34e/0x820
  kvm_hv_hypercall+0x8d9/0x9d0
  kvm_emulate_hypercall+0x506/0x7e0
  __vmx_handle_exit+0x283/0xb60
  vmx_handle_exit+0x1d/0xd0
  vcpu_enter_guest+0x16b0/0x24c0
  vcpu_run+0xc0/0x550
  kvm_arch_vcpu_ioctl_run+0x170/0x6d0
  kvm_vcpu_ioctl+0x413/0xb20
  __se_sys_ioctl+0x111/0x160
  do_syscal1_64+0x30/0x40
  entry_SYSCALL_64_after_hwframe+0x67/0xd1

Note, checking the sending vCPU is sufficient, as the per-VM irqchip_mode can't be modified after vCPUs are created, i.e. if one vCPU has an in-kernel local APIC, then all vCPUs have an in-kernel local APIC.

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 6.1.129 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.79 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.16 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:* | | |
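
A triage check against the version ranges listed above, added here as an example and not part of the original advisory. The function names are hypothetical, and it assumes the input is an upstream (mainline or stable) version string such as `uname -r` reports on an unpatched upstream build; distribution kernels often backport fixes or report ABI names, so confirm those against the vendor's own advisory.

```python
import platform
import re

# Affected upstream ranges from the table above: (from, inclusive), (up to, exclusive).
AFFECTED_RANGES = [
    ((4, 20, 0), (6, 1, 129)),
    ((6, 2, 0), (6, 6, 79)),
    ((6, 7, 0), (6, 12, 16)),
    ((6, 13, 0), (6, 13, 4)),
]
# Release candidates the table lists individually: ((major, minor), rc number).
AFFECTED_RCS = {((6, 14), 1), ((6, 14), 2)}

# Accepts "6.1.128", "6.6.78-generic", "6.14-rc1", "6.14.0-rc2", ...
_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Split a kernel release string into ((major, minor, patch), rc_or_None)."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    version = (int(m[1]), int(m[2]), int(m[3] or 0))
    rc = int(m[4]) if m[4] else None
    return version, rc


def listed_as_affected(release):
    """True if the advisory's table lists this upstream version as affected."""
    version, rc = parse_release(release)
    if rc is not None:
        # An -rc build precedes x.y.0, so it never falls inside a stable
        # range; only the release candidates the table names are matched.
        return (version[:2], rc) in AFFECTED_RCS
    return any(low <= version < high for low, high in AFFECTED_RANGES)


if __name__ == "__main__":
    running = platform.release()
    verdict = "listed as affected" if listed_as_affected(running) else "not listed"
    print(f"{running}: {verdict} for CVE-2025-21779")
```
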