PT-2025-46635 · Linux+3 · Linux Kernel+3

Published

2025-08-27

Updated

2026-05-26

CVE-2025-40160

CVSS v2.0

1.7

Low

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue within the xen/events component. A change was made to the find virq() function to return -EEXIST when a VIRQ is bound to a different CPU than the one provided. The BUG ON() function was removed from bind virq to irq() to allow the error to propagate. This addresses a scenario where per-domain or global VIRQs, intended to be bound to CPU0, might fail during migration off CPU 0. A second call to bind these types of VIRQs is not expected, but the change prevents a fatal error.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-670

Related Identifiers

BDU:2026-00274

CVE-2025-40160

ECHO-7A32-0D24-575C

OPENSUSE-SU-2026:20145-1

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:0316-1

SUSE-SU-2026:20207-1

SUSE-SU-2026:20220-1

SUSE-SU-2026:20228-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

PT-2025-46635 · Linux+3 · Linux Kernel+3

CVE-2025-40160

Weakness Enumeration

Related Identifiers

Affected Products

References · 3286