CVE-2025-37819: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()

With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the callback is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger:

Unable to handle kernel paging request at virtual address ffff8000816c0400
gicv2m_get_fwnode+0x0/0x58 (P)
pci_set_bus_msi_domain+0x74/0x88
pci_register_host_bridge+0x194/0x548

This is easily reproducible on a Juno board with ACPI boot. Retain the function for later use.
AI Analysis
Technical Summary
CVE-2025-37819 is a vulnerability in the Linux kernel's irqchip/gic-v2m driver, which handles the Generic Interrupt Controller (GIC) version 2 with MSI (Message Signaled Interrupts) support. The root cause is the improper use of the __init annotation on gicv2m_get_fwnode(). Under ACPI (Advanced Configuration and Power Interface) boot, this function is registered with the PCI subsystem as the pci_msi_get_fwnode_cb callback, to be invoked during PCI host bridge probing. Code marked __init is placed in the kernel's init section and discarded once boot-time initialization completes, so the PCI subsystem is left holding a pointer to code that no longer exists. When the callback is later invoked, the result is a use-after-free of freed kernel text: the call faults with the "Unable to handle kernel paging request" oops shown in the description, crashing the kernel and causing a denial of service. The issue is reproducible on hardware platforms such as the Juno board with ACPI boot enabled. The vulnerability is a lifecycle management bug in kernel memory handling and callback registration; it destabilizes the kernel and could be used to disrupt system availability or cause unpredictable behavior. No known exploits are reported in the wild as of the publication date. The vulnerability affects Linux kernel versions containing the specified commit hashes; the fix retains the function beyond initialization so that it is not freed.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions with ACPI enabled and using the GIC v2 MSI interrupt controller, which is common in ARM-based platforms and embedded systems. The impact is mainly on system availability due to kernel crashes triggered by the use-after-free bug. Critical infrastructure, industrial control systems, telecommunications equipment, and embedded devices using Linux kernels with these configurations could experience unexpected downtime or instability. Although no remote code execution or privilege escalation is directly indicated, denial of service conditions in kernel space can disrupt business operations, especially in sectors relying on ARM-based Linux devices. Organizations using Linux servers or devices with affected kernels should be aware that this vulnerability could be triggered during PCI host bridge probing, potentially during hardware initialization or runtime device enumeration, leading to system crashes. This may affect cloud providers, telecom operators, and enterprises deploying ARM-based Linux systems in Europe. The lack of known exploits reduces immediate risk, but the vulnerability's presence in kernel code means that attackers with local access or the ability to trigger PCI probing could exploit it to cause denial of service.
Mitigation Recommendations
1. Apply the official Linux kernel patches that correct the lifecycle management of gicv2m_get_fwnode(), ensuring the function is not marked __init and is retained for runtime use. Monitor Linux kernel mailing lists and vendor advisories for updated kernel releases addressing CVE-2025-37819.
2. For organizations unable to immediately patch, consider disabling ACPI or PCI host bridge probing features if feasible and if it does not impact critical functionality, to reduce the attack surface.
3. Implement strict access controls and monitoring on systems running affected kernels to detect abnormal kernel crashes or PCI subsystem errors that may indicate exploitation attempts.
4. Conduct thorough testing of kernel updates in staging environments, especially on ARM-based platforms like Juno boards or similar hardware, to validate stability and patch effectiveness.
5. Maintain an up-to-date inventory of Linux kernel versions in use across the organization, focusing on embedded and ARM-based devices, to prioritize patching efforts.
6. Collaborate with hardware vendors and Linux distribution maintainers to ensure timely deployment of fixed kernel versions and backports for long-term support kernels.
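As an added defender-side check (not from the advisory or the kernel tree): __init text is discarded after boot, so a built-in gicv2m_get_fwnode whose address lies between the __init_begin and __init_end symbols in System.map is exactly the pattern this CVE describes. The script below reads a System.map (a constructed sample is embedded; only the gicv2m_get_fwnode address is taken from the oops in the description) and reports whether the symbol falls inside that region, which lets you confirm whether a given kernel build still carries the bug before scheduling updates (mitigation items 1 and 5). It assumes the driver is built in, so the symbol appears in System.map, and zero-padded 16-digit addresses as on arm64.

```shell
#!/bin/sh
# Constructed sample System.map (not from a real build): only the
# gicv2m_get_fwnode address is taken from the advisory's oops; the
# other addresses are made up for illustration.
MAP=$(mktemp)
trap 'rm -f "$MAP"' EXIT
cat > "$MAP" <<'EOF'
ffff800080010000 T _stext
ffff800081600000 T __init_begin
ffff8000816c0400 t gicv2m_get_fwnode
ffff800081700000 T __init_end
ffff800081800000 t pci_set_bus_msi_domain
EOF

# sym_in_init_section MAP SYMBOL
# Exit 0 if SYMBOL's address lies in [__init_begin, __init_end), i.e. the
# function is __init and its text is discarded after boot; 1 if it lies
# outside that region; 2 if the symbol is absent; 3 if the map has no
# __init_begin/__init_end markers. Assumes zero-padded 16-digit addresses
# (as on arm64), so lowercase hex strings compare correctly as strings.
sym_in_init_section() {
    awk -v sym="$2" '
        { addr[$3] = tolower($1) }   # System.map line: address type name
        END {
            if (!("__init_begin" in addr) || !("__init_end" in addr)) exit 3
            if (!(sym in addr)) exit 2
            # appending "" forces string (not numeric) comparison in awk
            b = addr["__init_begin"] ""; e = addr["__init_end"] ""; s = addr[sym] ""
            exit !(s >= b && s < e)
        }' "$1"
}

# Example run: the callback the PCI subsystem keeps a pointer to.
if sym_in_init_section "$MAP" gicv2m_get_fwnode; then
    echo "gicv2m_get_fwnode is inside __init: freed after boot, runtime callback use is a UAF"
else
    echo "gicv2m_get_fwnode is outside __init: retained for runtime use"
fi
```

On a real host, point the function at /boot/System.map-$(uname -r) (or at the output of nm on vmlinux); in a fixed kernel the symbol should report as outside the init region.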
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-04-16T04:51:23.947Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9818c4522896dcbd7ba9
Added to database: 5/21/2025, 9:08:40 AM
Last enriched: 7/3/2025, 11:54:43 PM
Last updated: 8/8/2025, 6:41:07 AM