{"vulnerability": "CVE-2025-37885", "sightings": [{"uuid": "bd7274aa-f67a-4218-b09a-a29839b6428a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37885", "type": "seen", "source": "https://t.me/cvedetector/24934", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37885 - KVM Linux Kernel MSI Route Handling Use-After-Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37885 \nPublished : May 9, 2025, 7:16 a.m. | 44\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nKVM: x86: Reset IRTE to host control if *new* route isn't postable  \n  \nRestore an IRTE back to host control (remapped or posted MSI mode) if the  \n*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of  \nthe GSI routing type.  Updating the IRTE if and only if the new GSI is an  \nMSI results in KVM leaving an IRTE posting to a vCPU.  \n  \nThe dangling IRTE can result in interrupts being incorrectly delivered to  \nthe guest, and in the worst case scenario can result in use-after-free,  \ne.g. if the VM is torn down, but the underlying host IRQ isn't freed. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T10:22:04.000000Z"}, {"uuid": "a09b991b-56de-4ea8-89ed-fd6a26443c96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37885", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lopz7ywwmq2j", "content": "", "creation_timestamp": "2025-05-09T08:31:49.822742Z"}, {"uuid": "a478a915-0906-4a70-9d3d-783fc4d2dbe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37885", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lopwqiszvvu2", "content": "", "creation_timestamp": "2025-05-09T09:21:42.376739Z"}, {"uuid": "cc1445ee-1885-4bd0-a0a1-cd01abfc8283", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-37885", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15688", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37885\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reset IRTE to host control if *new* route isn't postable\n\nRestore an IRTE back to host control (remapped or posted MSI mode) if the\n*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of\nthe GSI routing type.  Updating the IRTE if and only if the new GSI is an\nMSI results in KVM leaving an IRTE posting to a vCPU.\n\nThe dangling IRTE can result in interrupts being incorrectly delivered to\nthe guest, and in the worst case scenario can result in use-after-free,\ne.g. if the VM is torn down, but the underlying host IRQ isn't freed.\n\ud83d\udccf Published: 2025-05-09T06:45:48.150Z\n\ud83d\udccf Modified: 2025-05-09T06:45:48.150Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/e5f2dee9f7fcd2ff4b97869f3c66a0d89c167769\n2. https://git.kernel.org/stable/c/116c7d35b8f72eac383b9fd371d7c1a8ffc2968b\n3. https://git.kernel.org/stable/c/023816bd5fa46fab94d1e7917fe131b79ed1fb41\n4. https://git.kernel.org/stable/c/3481fd96d801715942b6f69fe251133128156f30\n5. https://git.kernel.org/stable/c/b5de7ac74f69603ad803c524b840bffd36368fc3\n6. https://git.kernel.org/stable/c/3066ec21d1a33896125747f68638725f456308db\n7. https://git.kernel.org/stable/c/9bcac97dc42d2f4da8229d18feb0fe2b1ce523a2", "creation_timestamp": "2025-05-09T07:25:29.000000Z"}, {"uuid": "e3b080dd-c2d7-4536-9482-69e99d644ade", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-37885", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}]}