{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40065", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.159Z", "datePublished": "2025-10-28T11:48:35.785Z", "dateUpdated": "2026-05-11T21:41:48.145Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:41:48.145Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRISC-V: KVM: Write hgatp register with valid mode bits\n\nAccording to the RISC-V Privileged Architecture Spec, when MODE=Bare\nis selected,software must write zero to the remaining fields of hgatp.\n\nWe have detected the valid mode supported by the HW before, So using a\nvalid mode to detect how many vmid bits are supported."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/kvm/vmid.c"], "versions": [{"version": "fd7bb4a251dfc1da3496bf59a4793937c13e8c1f", "lessThan": "d00b61cd37f4c183ce0edbc9f8ccf6d5430ea357", "status": "affected", "versionType": "git"}, {"version": "fd7bb4a251dfc1da3496bf59a4793937c13e8c1f", "lessThan": "2b351e3d04be9e1533f26c3464f1e44a5beace30", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/kvm/vmid.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.3", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.17.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d00b61cd37f4c183ce0edbc9f8ccf6d5430ea357"}, {"url": "https://git.kernel.org/stable/c/2b351e3d04be9e1533f26c3464f1e44a5beace30"}], "title": "RISC-V: KVM: Write hgatp register with valid mode bits", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRISC-V: KVM: Write hgatp register with valid mode bits\n\nAccording to the RISC-V Privileged Architecture Spec, when MODE=Bare\nis selected,software must write zero to the remaining fields of hgatp.\n\nWe have detected the valid mode supported by the HW before, So using a\nvalid mode to detect how many vmid bits are supported."}], "id": "CVE-2025-40065", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2025-10-28T12:15:40.950", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2b351e3d04be9e1533f26c3464f1e44a5beace30"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d00b61cd37f4c183ce0edbc9f8ccf6d5430ea357"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: RISC-V: KVM: Write hgatp register with valid mode bits", "id": "2406737", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406737"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-40065", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40065\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40065\nhttps://lore.kernel.org/linux-cve-announce/2025102817-CVE-2025-40065-7740@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-10-29T10:58:17.025932+00:00", "updated": "2025-10-29T10:58:17.025957+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}