VYPR
Unrated severity · NVD Advisory · Published Oct 28, 2025 · Updated Apr 15, 2026

CVE-2025-40065

Description

In the Linux kernel, the following vulnerability has been resolved:

RISC-V: KVM: Write hgatp register with valid mode bits

According to the RISC-V Privileged Architecture Spec, when MODE=Bare is selected, software must write zero to the remaining fields of hgatp.

We have already detected the valid mode supported by the HW, so use a valid mode to detect how many VMID bits are supported.
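As an added illustration (not the kernel's code and not part of this advisory), the following C model of the RV64 hgatp register shows why a VMID-width probe performed while MODE=Bare can read back zero bits, whereas the same probe with a supported mode reports the implemented width. The 14-bit VMID, the Sv39x4 mode value used for the probe, and the strict WARL behaviour for Bare are assumptions of the model.

```c
/* Added example, not kernel code: a software model of the RV64 hgatp CSR.
 * Field layout per the RISC-V Privileged Spec (RV64): MODE[63:60],
 * VMID[57:44], PPN[43:0]. VMIDLEN=14 and strict WARL handling of
 * MODE=Bare are assumptions of this model. */
#include <stdint.h>

#define HGATP_MODE_SHIFT  60
#define HGATP_MODE_MASK   (0xFULL << HGATP_MODE_SHIFT)
#define HGATP_VMID_SHIFT  44
#define HGATP_VMID_MASK   (0x3FFFULL << HGATP_VMID_SHIFT)
#define HGATP_PPN_MASK    ((1ULL << 44) - 1)
#define HGATP_MODE_SV39X4 8ULL
#define MODEL_VMIDLEN     14   /* assumed hardware VMID width */

static uint64_t hgatp_reg;   /* reset value 0 = MODE Bare */

/* WARL model: with MODE=Bare the spec requires the other fields to be
 * zero, so they read back as zero; with a valid mode only the implemented
 * VMID bits are retained. */
static void hgatp_write(uint64_t v)
{
    uint64_t impl_vmid = ((1ULL << MODEL_VMIDLEN) - 1) << HGATP_VMID_SHIFT;
    if (((v & HGATP_MODE_MASK) >> HGATP_MODE_SHIFT) == 0)  /* Bare */
        hgatp_reg = 0;
    else
        hgatp_reg = v & (HGATP_MODE_MASK | impl_vmid | HGATP_PPN_MASK);
}

static uint64_t hgatp_read(void) { return hgatp_reg; }

/* Write a probe value, count the VMID bits that stuck, restore hgatp. */
static unsigned probe_vmid_bits(uint64_t probe)
{
    uint64_t old = hgatp_read(), got;
    unsigned bits = 0;
    hgatp_write(probe);
    got = (hgatp_read() & HGATP_VMID_MASK) >> HGATP_VMID_SHIFT;
    hgatp_write(old);
    for (; got; got >>= 1)
        bits += (unsigned)(got & 1);
    return bits;
}

/* Pre-fix style probe: reuses the current mode, which is Bare at reset. */
unsigned vmid_bits_probe_bare(void)
{ return probe_vmid_bits(hgatp_read() | HGATP_VMID_MASK); }

/* Fixed style probe: uses a mode the hardware is known to support. */
unsigned vmid_bits_probe_valid_mode(void)
{ return probe_vmid_bits((HGATP_MODE_SV39X4 << HGATP_MODE_SHIFT) | HGATP_VMID_MASK); }
```

On this model the Bare-mode probe reports 0 VMID bits and the valid-mode probe reports 14, and both leave hgatp restored to its previous value.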

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel, a RISC-V KVM bug incorrectly sets hgatp register fields when MODE=Bare, risking undefined behavior and VMID detection errors.

Vulnerability

In the Linux kernel, the RISC-V KVM implementation mishandles the hgatp register when the MODE field is set to Bare. According to the RISC-V Privileged Architecture Specification, when MODE=Bare, software must write zero to all remaining fields of hgatp. The code did not enforce this requirement, potentially leaving stale or incorrect bits in the register.

Exploitation

This vulnerability requires local access with low privileges, as it involves guest VM operations that may cause the KVM hypervisor to program hgatp incorrectly. The attacker would need the ability to influence the VMID allocation or register configuration, though specific prerequisites are not detailed.

Impact

Improper handling of hgatp could lead to incorrect VMID bit detection and allocation. This might compromise isolation between virtual machines, potentially allowing a malicious guest to affect other guests or the host. The exact security consequences are not fully specified, but the deviation from the spec indicates a potential for hardware-software misbehavior.

Mitigation

The fix is incorporated in the stable kernel tree as a commit addressing this issue. Users should update to a kernel version containing this patch to ensure correct hgatp register programming and avoid undefined behavior.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
