PT-2025-46738 · Unknown+4 · Trusted Platform Module+4
Published: 2025-08-27 · Updated: 2026-02-24 · CVE-2025-40181
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.16.0-rc7+
Description
The Linux kernel contained a flaw related to memory mapping within KVM when running as a Secure Nested Paging (SNP) or Trust Domain Extensions (TDX) guest. Specifically, the legacy PCI hole, the memory region between the Top of Lower Usable DRAM and 4 GiB, was not consistently mapped as Uncacheable (UC) when Memory Type Range Registers (MTRRs) were overridden for TDX/SNP. The issue stemmed from the ACPI driver always mapping SystemMemory regions as Writeback (WB) on x86, while dedicated device drivers, such as those for the HPET and TPM, required Uncacheable or Write-Combine (WC) mappings. On bare metal and non-CoCo systems, firmware typically configured the PCI hole as UC, allowing the kernel to handle MTRR overrides correctly. However, with WB MTRRs forced in SNP and TDX guests, an ACPI mapping established before the dedicated driver initialized could incorrectly request WB, leading to ioremap failures and device probe errors, such as those observed with the Trusted Platform Module (TPM).
Recommendations
Update to Linux kernel version 6.16.0-rc7+ or a later version that includes the fix.
Exploit
Fix
Use After Free
Improper Initialization
Affected Products
Hpet
Linuxmint
Linux Kernel
Trusted Platform Module
Ubuntu