CVE-2025-22013

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to v5.17

Description: The issue is related to the way hyp code lazily saves the host's FPSIMD/SVE state in the Linux kernel, specifically in the KVM module for arm64 architecture. There are several problems with this approach, including the host SVE being discarded unexpectedly due to inconsistent configuration of TIF SVE and CPACR ELx.ZEN, the host SVE state being discarded after modification by ptrace, and the host FPMR value being discarded when running a non-protected VM. To avoid these issues, the host's FPSIMD/SVE/SME state is now eagerly saved and flushed when loading a vCPU.

Recommendations: For Linux kernel versions prior to v5.17, update to a version that includes the fix for this issue, which involves eagerly saving and flushing the host's FPSIMD/SVE/SME state when loading a vCPU. As a temporary workaround, consider disabling the use of FPSIMD/SVE in non-protected VMs to minimize the risk of exploitation. Restrict access to the fpsimd state and fpmr ptr variables, as they should not be used and will be removed in subsequent patches.