PT-2025-28889 · Linux+3 · Linux Kernel+3

Published: 2025-07-09 · Updated: 2026-04-20 · CVE-2025-38261

CVSS v2.0: 7.7 (High)

Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:

Linux kernel versions 5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 and earlier.

Description:

A flaw exists in the Linux kernel's task switching routine on the RISC-V architecture. Specifically, the issue relates to the handling of the SR_SUM status during thread/task switching. Without proper saving and restoring of the SR_SUM state, crashes can occur, particularly under heavy load conditions, such as those generated by the syz-stress tool. The root cause is related to the put_user() macro within the schedule_tail() function, which could lead to a panic when interacting with sleeping functions.

Recommendations:

Linux kernel versions prior to 5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 should be updated.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-13468
CVE-2025-38261
ECHO-1563-A367-496F
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu