CVE-2025-40038: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) SVM (Secure Virtual Machine) component was discovered and identified as CVE-2025-40038. The issue affects the VM-Exit handler's fastpath emulation when the next RIP (Instruction Pointer) is invalid, particularly when KVM is running with nrips=false. This vulnerability was disclosed on October 28, 2025 (NVD).

The vulnerability occurs in the SVM's VM-Exit handler where the WRMSR and HLT fastpaths fail to properly handle cases where the next RIP is invalid. When the CPU doesn't provide the next RIP, SVM must decode and emulate to skip the instruction, which requires reading guest memory. This operation can fault and potentially sleep, which is problematic since the fastpath handlers run with IRQs disabled. The issue is essentially a reapplication of a previous fix (commit 5c30e8101e8d) but with different justification, as KVM now grabs SRCU when skipping the instruction for other reasons (NVD).

The vulnerability can lead to a system crash due to sleeping in an invalid context, as evidenced by the error message 'BUG: sleeping function called from invalid context'. This affects the stability and reliability of systems running KVM with SVM, particularly in virtualized environments (NVD).

The vulnerability has been resolved in the Linux kernel by modifying the VM-Exit handler to skip fastpath emulation when the next RIP isn't valid. The fix ensures proper handling of cases where KVM is running with nrips=false and prevents the system from entering an invalid sleeping state (NVD).