CVE-2025-71203 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: riscv: Sanitize syscall table indexing under speculation The syscall number is a user-controlled value used to index into the syscall table. Use array_index_nospec() to clamp this value after the bounds check to prevent speculative out-of-bounds access and subsequent data leakage via cache side channels.

PUBLISHED Reserved 2026-01-31 | Published 2026-02-14 | Updated 2026-02-16 | Assigner Linux

Product status

Default status

unaffected

f0bddf50586da81360627a772be0e355b62f071e (git) before c45848936ebdb4fcab92f8c39510db83c16d0239

affected

f0bddf50586da81360627a772be0e355b62f071e (git) before 8b44e753795107a22ba31495686e83f4aca48f36

affected

f0bddf50586da81360627a772be0e355b62f071e (git) before 25fd7ee7bf58ac3ec7be3c9f82ceff153451946c

affected

Default status

affected

6.4

affected

Any version before 6.4

unaffected

6.12.70 (semver)

unaffected

6.18.10 (semver)

unaffected

6.19 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/c45848936ebdb4fcab92f8c39510db83c16d0239

git.kernel.org/...c/8b44e753795107a22ba31495686e83f4aca48f36

git.kernel.org/...c/25fd7ee7bf58ac3ec7be3c9f82ceff153451946c

cve.org (CVE-2025-71203)

nvd.nist.gov (CVE-2025-71203)

Download JSON

help @ threatint.eu