CVE-2025-39704

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.0-rc1+ #102

Description A stack buffer overflow issue exists in the send ipi data() function within the Linux kernel, specifically related to the LoongArch architecture and KVM functionality. The kvm io bus read() function, called by send ipi data(), does not adequately validate the size of the buffer pointed to by the val parameter, potentially leading to a buffer overflow when CONFIG STACKPROTECTOR is enabled. This can result in a kernel panic, as demonstrated by the provided stack trace.

Recommendations Update to a version of the Linux kernel newer than 6.17.0-rc1+ #102.

Exploit

Fix

Uncontrolled Recursion

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674CWE-120

Related Identifiers

BDU:2026-03099

CVE-2025-39704

Affected Products

Astra Linux

Linux Kernel

CVE-2025-39704

Weakness Enumeration

Related Identifiers

Affected Products

References · 17