CVE-2025-21779

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 27, 2025
Updated: Mar 13, 2025
CWE ID 476

Summary

CVE-2025-21779 is a vulnerability in the Linux kernel that affects the KVM (Kernel-based Virtual Machine) component. The issue results from improper handling of Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls. The vulnerability allows a NULL-pointer dereference when local APICs are emulated in userspace instead of in-kernel. To mitigate this issue, KVM will now only support these Hyper-V hypercalls if a local APIC is emulated/virtualized in-kernel. Rejecting these hypercalls if the local APIC is in userspace prevents exploitation of the vulnerability. The vulnerable functions include, but are not limited to, `dump_stack`, `kasan_report`, and `__apic_accept_irq`. All vCPUs share the same local APIC status, ensuring that if one vCPU has an in-kernel local APIC, all subsequent vCPUs will also have one.
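The guard described in the summary, as an added user-space model that is not kernel code and not part of the original advisory. All type, function and status names are hypothetical, and the two-vCPU scenario is constructed.

```c
/* User-space model of the guard; every name here is hypothetical, not a kernel symbol. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hc_status { HC_OK = 0, HC_REJECTED = 1 };  /* constructed status codes */
struct lapic  { uint32_t last_vector; unsigned delivered; };
struct vcpu   { struct lapic *apic; };  /* NULL: local APIC is emulated in userspace */
struct result { bool advertised; enum hc_status status; unsigned delivered; };

static bool model_lapic_in_kernel(const struct vcpu *v) { return v->apic != NULL; }

/* Advertise the SEND_IPI hypercalls only when the local APIC is in-kernel. */
bool advertise_send_ipi(const struct vcpu *sender) { return model_lapic_in_kernel(sender); }

/* SEND_IPI handler with the guard. Checking the sender is enough because all vCPUs
 * share the same local APIC status; without the guard the loop dereferences NULL. */
enum hc_status handle_send_ipi(const struct vcpu *sender, struct vcpu *vcpus,
                               size_t n, uint64_t mask, uint32_t vector)
{
    if (!model_lapic_in_kernel(sender))
        return HC_REJECTED;
    for (size_t i = 0; i < n && i < 64; i++) {
        if (mask & (1ULL << i)) {
            vcpus[i].apic->last_vector = vector;
            vcpus[i].apic->delivered++;
        }
    }
    return HC_OK;
}

/* Constructed scenario: two vCPUs, vCPU 0 sends vector 0x30 to vCPU 1. */
struct result run_scenario(bool in_kernel)
{
    struct lapic apics[2] = { {0, 0}, {0, 0} };
    struct vcpu vcpus[2] = { { in_kernel ? &apics[0] : NULL },
                             { in_kernel ? &apics[1] : NULL } };
    struct result r = { advertise_send_ipi(&vcpus[0]), HC_REJECTED, 0 };
    r.status = handle_send_ipi(&vcpus[0], vcpus, 2, 0x2, 0x30);
    r.delivered = apics[1].delivered;
    return r;
}

int main(void)
{
    struct result a = run_scenario(true), b = run_scenario(false);
    printf("in-kernel: advertised=%d status=%d delivered=%u\n", a.advertised, a.status, a.delivered);
    printf("userspace: advertised=%d status=%d delivered=%u\n", b.advertised, b.status, b.delivered);
    return 0;
}
```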
