Home

Description

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check validity of "num_cpu" from user space The maximum supported cpu number is EIOINTC_ROUTE_MAX_VCPUS about irqchip EIOINTC, here add validation about cpu number to avoid array pointer overflow.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-25 | Updated 2025-07-28 | Assigner Linux

Product status

Default status
unaffected

1ad7efa552fd5cf4e8c49fea863c5c6a5dcf9f00 (git) before a3293b4078ee93174f70f36d3ab7618554ce6ab6
affected

1ad7efa552fd5cf4e8c49fea863c5c6a5dcf9f00 (git) before cc8d5b209e09d3b52bca1ffe00045876842d96ae
affected

Default status
affected

6.13
affected

Any version before 6.13
unaffected

6.15.5 (semver)
unaffected

6.16 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/a3293b4078ee93174f70f36d3ab7618554ce6ab6

git.kernel.org/...c/cc8d5b209e09d3b52bca1ffe00045876842d96ae

cve.org (CVE-2025-38366)

nvd.nist.gov (CVE-2025-38366)

Download JSON