CVE-2025-37885: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37885 was discovered in the Linux kernel, specifically affecting the KVM x86 subsystem. The vulnerability was published on May 9, 2025, and involves issues with IRTE (Interrupt Remapping Table Entry) handling in the kernel's virtualization infrastructure (NVD CVE, Wiz).

The vulnerability occurs when updating IRTE control if the new GSI route isn't postable. The issue specifically involves the restoration of an IRTE back to host control (remapped or posted MSI mode) when the new GSI route prevents posting the IRQ directly to a vCPU. The current implementation only updates the IRTE if the new GSI is an MSI, which can result in KVM leaving an IRTE posting to a vCPU. According to Red Hat's assessment, this vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat CVE).

The vulnerability can lead to interrupts being incorrectly delivered to the guest system. In worst-case scenarios, this can result in use-after-free conditions, particularly if the VM is torn down but the underlying host IRQ isn't properly freed (NVD CVE).

Red Hat Enterprise Linux 9 has deferred the fix for both the kernel and kernel-rt packages. Red Hat Enterprise Linux 6 and 7 are not affected by this vulnerability (Red Hat CVE).