CVE-2025-22013: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-22013 is a vulnerability discovered in the Linux kernel's KVM (Kernel-based Virtual Machine) implementation for ARM64 architectures. The vulnerability was disclosed on April 8, 2025, and affects the handling of host FPSIMD/SVE/SME state management (NVD CVE).

The vulnerability stems from several issues in how the hypervisor code lazily saves the host's FPSIMD/SVE state. The specific problems include: Host SVE being discarded unexpectedly due to inconsistent configuration of TIF_SVE and CPACR_ELx.ZEN (resulting in QEMU crashes where SVE is used by memmove()), host SVE state being discarded after modification by ptrace (an unintentional ptrace ABI change), and the host FPMR value being discarded when running a non-protected VM where FPMR support is not exposed to a VM and that VM uses FPSIMD/SVE. These issues date back to at least kernel version 5.17 (NVD CVE).

The vulnerability can result in QEMU crashes when SVE is used by memmove(), as reported in Red Hat issue RHEL-68997. Additionally, it can lead to stale values being left in memory when the host's FPSIMD/SVE/SME state is not properly saved (NVD CVE).

The vulnerability has been resolved by implementing eager saving and 'flushing' of the host's FPSIMD/SVE/SME state when loading a vCPU. This ensures KVM does not need to save any of the host's FPSIMD/SVE/SME state. The fix includes removing fpsimd_kvm_prepare() and placing the necessary call to fpsimd_save_and_flush_cpu_state() in kvm_arch_vcpu_load_fp(). The fix needs to be backported to ALL stable trees due to the historical nature of the problems (NVD CVE).