CVE-2025-37957: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was discovered in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem affecting the System Management Mode (SMM) handling during SHUTDOWN interception. The issue was identified in May 2025 and stems from an incomplete fix related to a previous vulnerability regarding nested mode vCPU reset. The vulnerability affects the Linux kernel's KVM virtualization infrastructure (NVD).

The vulnerability occurs when KVM forces a vCPU INIT after SHUTDOWN interception while the vCPU is in System Management Mode (SMM). The issue manifests when a triple fault occurs in SMM mode, triggered by a sequence of events: creating a KVM VM and vCPU, sending a KVM_SMI ioctl to explicitly enter SMM, and executing invalid instructions causing consecutive exceptions leading to a triple fault. This results in a warning message in the kernel log indicating improper handling of the INIT state during SMM (NVD).

The vulnerability can trigger kernel warnings and potentially lead to system instability when specific conditions are met in virtualized environments using KVM. While the immediate impact appears to be limited to warning messages, the underlying issue could affect the stability and proper functioning of virtual machines running under KVM (NVD).

The issue has been resolved in the Linux kernel by forcing the vCPU to exit SMM mode during SHUTDOWN interception. This fix ensures proper handling of the INIT state when dealing with SMM mode transitions. The solution involves modifying the behavior of KVM to handle the edge case where SHUTDOWN occurs while in SMM (NVD).