CVE-2025-37819

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's GIC-V2M interrupt controller allows attackers to cause kernel panics or potentially execute arbitrary code. This affects Linux systems using ACPI boot with PCI host bridges, particularly ARM-based platforms like Juno boards. The vulnerability occurs when a function wrongly marked as initialization code remains registered after it has been freed.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated, but patches target stable kernel trees. Likely affects versions with the vulnerable GIC-V2M code.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ACPI boot configuration and PCI host bridge support. Particularly reproducible on ARM Juno boards with ACPI.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution if combined with other vulnerabilities.

🟠

Likely Case

System instability, kernel panics, or crashes during PCI host bridge initialization, causing denial of service.

🟢

If Mitigated

Minimal impact with proper kernel hardening and exploit mitigations like KASLR and SMAP/SMEP.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger PCI host bridge operations.
🏢 Internal Only: MEDIUM - Local attackers or malicious processes could trigger the vulnerability to cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering PCI host bridge probe operations. The vulnerability is reliably reproducible on specific hardware configurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees via provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/0c241dedc43a036599757cd08f356253fa3e5014

Restart Required: Yes

Instructions:

1. Identify current kernel version.
2. Apply relevant kernel patch from stable tree.
3. Rebuild kernel if using custom build.
4. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable ACPI boot

linux

Boot with ACPI disabled to avoid triggering the vulnerable code path

Add 'acpi=off' to kernel boot parameters in GRUB or bootloader

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable configurations
  • Monitor for kernel panic events and system instability related to PCI initialization

🔍 How to Verify

Check if Vulnerable:

Check kernel version and configuration: 'uname -r' and verify if using ACPI with GIC-V2M support

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update and check that patches are applied: 'uname -r' and review kernel changelog

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning gicv2m_get_fwnode
  • PCI host bridge probe failures
  • Use-after-free kernel oops messages

Network Indicators:

  • None - local vulnerability only

SIEM Query:

search 'kernel panic' OR 'oops' OR 'gicv2m_get_fwnode' in system logs
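
The broad query above matches every panic or oops on the host. As an added example (not code from the kernel project or from this advisory), the shell function below narrows it: it groups fault lines into reports and separates reports whose trace names gicv2m_get_fwnode from unrelated ones. The names classify_klog and sample_klog, the window size and the log lines are assumptions constructed for illustration.

```shell
# Added example: triage kernel log text for the CVE-2025-37819 log indicators.
# Usage: dmesg | classify_klog        or: journalctl -k -b -1 | classify_klog
# $1 = lines after a fault header that still count as the same report
#      (assumed default 40; tune to your log format).
classify_klog() {
    awk -v window="${1:-40}" '
        function finish() { if (hit) specific++; else other++; inrep = 0 }
        # Fault header: starts a report, or extends the one already open.
        /Kernel panic|Oops|Unable to handle kernel|BUG:/ {
            if (!inrep) { inrep = 1; hit = 0 }
            left = window; next
        }
        # Symbol named outside any fault report: low confidence on its own.
        !inrep && /gicv2m_get_fwnode/ { stray++ }
        # Symbol inside a fault report: the high-confidence indicator.
        inrep && /gicv2m_get_fwnode/ { hit = 1 }
        inrep && --left <= 0 { finish() }
        END {
            if (inrep) finish()
            printf "gicv2m=%d other=%d stray=%d\n", specific, other, stray
        }'
}

# Constructed sample (not from a real system): a fault in gicv2m_get_fwnode
# during PCI host bridge registration, benign lines, then an unrelated oops.
sample_klog() {
    cat <<'EOF'
[    2.101] Unable to handle kernel paging request at virtual address ffff800000000000
[    2.102] Internal error: Oops: 0000000000000000 [#1] SMP
[    2.103] pc : gicv2m_get_fwnode+0x0/0x0
[    2.104] Call trace:
[    2.105]  gicv2m_get_fwnode+0x0/0x0
[    2.106]  pci_register_host_bridge+0x0/0x0
[    2.107] Kernel panic - not syncing: Oops: Fatal exception
[    9.001] usb 1-1: new high-speed USB device number 2
[    9.002] usb 1-1: device descriptor read
[    9.003] EXT4-fs (sda2): mounted filesystem
[    9.004] systemd[1]: Started Journal Service.
[    9.005] systemd[1]: Reached target Local File Systems.
[    9.006] audit: type=1400 audit(0.0:1): sample line
[  120.500] Internal error: Oops: 0000000000000000 [#1] SMP
[  120.501] pc : some_other_driver_fn+0x0/0x0
EOF
}

sample_klog | classify_klog 5   # prints: gicv2m=1 other=1 stray=0
```

A non-zero gicv2m count is the signal worth alerting on; other and stray counts are context for triage rather than evidence of this issue.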
