VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 12, 2025· Updated Apr 15, 2026

CVE-2025-40136

CVE-2025-40136

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: hisilicon/qm - request reserved interrupt for virtual function

The device interrupt vector 3 is an error interrupt for physical function and a reserved interrupt for virtual function. However, the driver has not registered the reserved interrupt for virtual function. When allocating interrupts, the number of interrupts is allocated based on powers of two, which includes this interrupt. When the system enables GICv4 and the virtual function passthrough to the virtual machine, releasing the interrupt in the driver triggers a warning.

The WARNING report is: WARNING: CPU: 62 PID: 14889 at arch/arm64/kvm/vgic/vgic-its.c:852 its_free_ite+0x94/0xb4

Therefore, register a reserved interrupt for VF and set the IRQF_NO_AUTOEN flag to avoid that warning.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel hisilicon/qm driver: unregistered reserved interrupt for VF causes warning during interrupt release in VM passthrough.

In the Linux kernel's hisilicon/qm driver, interrupt vector 3 serves as an error interrupt for physical functions (PF) but is reserved for virtual functions (VF). The driver fails to register this reserved interrupt for VFs. Since interrupt allocation uses powers-of-two grouping, this unregistered interrupt is still included in the allocated set [1].

When the system enables GICv4 and a VF is passed through to a virtual machine, releasing the interrupt triggers a kernel warning in the GIC ITS code (vgic-its.c). The warning message indicates an invalid state transition, potentially leading to system instability or denial-of-service conditions [1].

The impact is limited to a kernel warning, which may escalate to a panic in certain configurations. Attackers with local access and the ability to manage VF passthrough could exploit this to cause disruptions. However, the vulnerability primarily manifests during normal operation under specific hardware and virtualization settings.

The fix registers the reserved interrupt for VFs with the IRQF_NO_AUTOEN flag, preventing the spurious warning. The patch has been accepted into the stable kernel tree [1]. Users should update to a kernel version containing commit 9228facb308157ac0bdd264b873187896f7a9c7a.

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Linux/Kernelinferred2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)

Patches

2
854da2b0df16
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
9228facb3081
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.