CVE - CVE-2025-37929

CVE-ID
CVE-2025-37929	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Commit a5951389e58d ("arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists") added some additional CPUs to the Spectre-BHB workaround, including some new arrays for designs that require new 'k' values for the workaround to be effective. Unfortunately, the new arrays omitted the sentinel entry and so is_midr_in_range_list() will walk off the end when it doesn't find a match. With UBSAN enabled, this leads to a crash during boot when is_midr_in_range_list() is inlined (which was more common prior to c8c2647e69be ("arm64: Make _midr_in_range_list() an exported function")): \| Internal error: aarch64 BRK: 00000000f2000001 [#1] PREEMPT SMP \| pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) \| pc : spectre_bhb_loop_affected+0x28/0x30 \| lr : is_spectre_bhb_affected+0x170/0x190 \| [...] \| Call trace: \| spectre_bhb_loop_affected+0x28/0x30 \| update_cpu_capabilities+0xc0/0x184 \| init_cpu_features+0x188/0x1a4 \| cpuinfo_store_boot_cpu+0x4c/0x60 \| smp_prepare_boot_cpu+0x38/0x54 \| start_kernel+0x8c/0x478 \| __primary_switched+0xc8/0xd4 \| Code: 6b09011f 54000061 52801080 d65f03c0 (d4200020) \| ---[ end trace 0000000000000000 ]--- \| Kernel panic - not syncing: aarch64 BRK: Fatal exception Add the missing sentinel entries.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/090c8714efe1c3c470301cc2f794c1ee2a57746c URL:https://git.kernel.org/stable/c/090c8714efe1c3c470301cc2f794c1ee2a57746c MISC:https://git.kernel.org/stable/c/333579202f09e260e8116321df4c55f80a19b160 URL:https://git.kernel.org/stable/c/333579202f09e260e8116321df4c55f80a19b160 MISC:https://git.kernel.org/stable/c/3821cae9bd5a99a42d3d0be1b58e41f072cd4c4c URL:https://git.kernel.org/stable/c/3821cae9bd5a99a42d3d0be1b58e41f072cd4c4c MISC:https://git.kernel.org/stable/c/446289b8b36b2ee98dabf6388acbddcc33ed41be URL:https://git.kernel.org/stable/c/446289b8b36b2ee98dabf6388acbddcc33ed41be MISC:https://git.kernel.org/stable/c/6266b3509b2c6ebf2f9daf2239ff8eb60c5f5bd3 URL:https://git.kernel.org/stable/c/6266b3509b2c6ebf2f9daf2239ff8eb60c5f5bd3 MISC:https://git.kernel.org/stable/c/fee4d171451c1ad9e8aaf65fc0ab7d143a33bd72 URL:https://git.kernel.org/stable/c/fee4d171451c1ad9e8aaf65fc0ab7d143a33bd72
Assigning CNA
kernel.org
Date Record Created
20250416	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250416)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)