CVE-2025-22013

5.5 MEDIUM

📋 TL;DR

A Linux kernel vulnerability in KVM for ARM64 systems causes host floating-point/SIMD state to be handled improperly when switching between host and guest. This can lead to host process or system crashes, data corruption, or unintended changes in ptrace behavior. Affected systems are those running Linux kernels with KVM virtualization on ARM64 hardware.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel v5.17 and later (all stable trees)
Operating Systems: Linux distributions running on ARM64 architecture
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with ARM64 hardware using KVM virtualization. Requires KVM to be enabled and used.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Host system crash leading to denial of service, potential data corruption in host processes using floating-point/SIMD operations, and unintended ptrace behavior changes affecting debugging/tracing tools.

🟠

Likely Case

Host process crashes (such as the reported QEMU crashes) when SVE instructions are used, leading to VM instability and service disruption.

🟢

If Mitigated

Minimal impact if systems don't use KVM virtualization or don't run affected ARM64 hardware.

🌐 Internet-Facing: LOW - This is a host kernel vulnerability requiring local access to the hypervisor; it is not directly exploitable over the network.
🏢 Internal Only: MEDIUM - Requires local access to the host system running KVM VMs, but could affect the stability of virtualization infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to trigger the state handling bug. No known public exploits, but the bug can be triggered by normal VM operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in kernel commits: 04c50cc23a492c4d43fdaefc7c1ecc0ff6f7b82e, 5289ac43b69c61a49c75720921f2008005a31c43, 79e140bba70bcacc5fe15bf8c0b958793fd7d56f, 806d5c1e1d2e5502175a24bf70f251648d99c36a, 900b444be493b7f404898c785d6605b177a093d0

Vendor Advisory: https://git.kernel.org/stable/c/04c50cc23a492c4d43fdaefc7c1ecc0ff6f7b82e

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix.
2. Check with your distribution vendor for backported patches.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Disable KVM virtualization

Temporarily disable KVM virtualization to avoid the bug:

  echo 'blacklist kvm' >> /etc/modprobe.d/blacklist-kvm.conf
  update-initramfs -u
  reboot

On ARM64, KVM is commonly built into the kernel rather than loaded as a module; in that case a modprobe blacklist has no effect, and KVM can instead be disabled with the kvm-arm.mode=none kernel boot parameter.

Disable SVE/SME features

Disable the SVE and SME extensions at kernel boot by adding arm64.nosve and arm64.nosme (the actual parameter names; bare 'nosve'/'nosme' are not recognized) to GRUB_CMDLINE_LINUX in /etc/default/grub, then regenerate the GRUB configuration and reboot. This removes SVE/SME from every process on the host, not only from guests.

🧯 If You Can't Patch

  • Avoid using SVE/SME features in host processes
  • Monitor for host process crashes and restart affected services

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether KVM is in use: uname -r && lsmod | grep kvm. On ARM64, KVM is usually built into the kernel and will not appear in lsmod; the presence of /dev/kvm shows that the host can run KVM guests.

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel includes the fix commit. Commit hashes are not recorded in /proc/version, so a check such as grep -q '04c50cc23a492c4d43fdaefc7c1ecc0ff6f7b82e' /proc/version || echo 'Check kernel changelog' will always fall through to its fallback message; instead compare the version from uname -r against your distribution's kernel changelog or the stable tree entry for commit 04c50cc23a492c4d43fdaefc7c1ecc0ff6f7b82e.
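The verification steps above can be combined into one host-side exposure check. The script below is an added example, not part of the advisory; it classifies a host from the three facts the advisory names (ARM64 hardware, KVM available, SVE/SME present) and keeps the decision logic in a function that takes its inputs as arguments, so it can be exercised on constructed data from any machine. The output labels (out-of-scope, reduced, exposed) are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host's exposure to
# CVE-2025-22013 from the facts the advisory names: ARM64 hardware, KVM in
# use, and SVE/SME visible to host processes. The decision logic takes its
# inputs as arguments so it can be tested on constructed data anywhere.

# $1 = machine type (uname -m), $2 = /proc/cpuinfo "Features" line,
# $3 = "yes" when /dev/kvm exists. Prints one of:
#   out-of-scope  not ARM64, or KVM not available on this host
#   reduced       ARM64 + KVM, but no SVE/SME (the SVE crash path is absent)
#   exposed       ARM64 + KVM + SVE/SME: patch or apply a workaround
kvm_fpsimd_exposure() {
    arch=$1; features=$2; kvm=$3
    case "$arch" in
        aarch64|arm64) ;;
        *) echo out-of-scope; return 0 ;;
    esac
    # KVM on ARM64 is usually built in, so "lsmod | grep kvm" is not a
    # reliable signal; /dev/kvm exists whenever the host can run guests.
    if [ "$kvm" != yes ]; then
        echo out-of-scope; return 0
    fi
    # The advisory's likely case (QEMU crashing on SVE instructions) needs
    # SVE or SME in the host feature list.
    case " $features " in
        *" sve "*|*" sme "*) echo exposed ;;
        *) echo reduced ;;
    esac
}

# Gather the live host's facts and feed them to the function above.
host_exposure() {
    features=$(awk '/^Features/ { sub(/^Features[[:space:]]*:[[:space:]]*/, ""); print; exit }' \
        /proc/cpuinfo 2>/dev/null || true)
    kvm=no
    if [ -e /dev/kvm ]; then kvm=yes; fi
    kvm_fpsimd_exposure "$(uname -m)" "$features" "$kvm"
}

# Report kernel version and exposure for the machine this runs on.
printf 'kernel=%s exposure=%s\n' "$(uname -r)" "$(host_exposure)"
```

A result of "exposed" means the host matches every precondition in the advisory and should be patched or have one of the workarounds applied; "reduced" hosts still need the kernel fix, since only the SVE-specific crash path is ruled out.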

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • QEMU/KVM process crashes
  • Segmentation faults in processes using floating-point operations

Network Indicators:

  • VM connectivity loss
  • Increased host system instability

SIEM Query:

source="kernel" AND ("Oops" OR "segfault" OR "QEMU crashed")
