CVE-2025-21779: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21779 affects the Linux kernel's KVM (Kernel-based Virtual Machine) hypervisor component, specifically in its handling of Hyper-V SEND_IPI hypercalls. The vulnerability was discovered in January 2025 and disclosed in February 2025. The issue occurs when Hyper-V enlightenments are exposed to a guest without an in-kernel local APIC, leading to a NULL pointer dereference (NVD).

The vulnerability stems from improper validation of the local APIC state before processing Hyper-V's SENDIPI and SENDIPI_EX hypercalls. When Hyper-V enlightenments are exposed to a guest without an in-kernel local APIC, the system attempts to dereference a NULL pointer in the APIC handling code path. The issue has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a system crash through NULL pointer dereference when specific Hyper-V hypercalls are made in a KVM environment. This primarily affects system availability, with no direct impact on confidentiality or integrity (NVD).

The issue has been fixed by adding explicit validation of the local APIC state and modifying the CPUID feature advertisement. The fix ensures that Hyper-V's SENDIPI and SENDIPI_EX hypercalls support is only advertised when the local APIC is properly emulated/virtualized by KVM. The patch has been merged into the mainline kernel and backported to stable kernel versions (Kernel Patch).