PT-2026-8175 · Linux · Linux Kernel
Published
2025-01-01
·
Updated
2026-04-20
·
CVE-2025-71203
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains a flaw where the syscall number, a user-controlled value, is used to index into the syscall table. This can lead to speculative out-of-bounds access and potential data leakage through cache side channels. The issue is addressed by using
array index nospec() to clamp the syscall number after a bounds check. The vulnerable component is the syscall table indexing process. The syscall number is a user-controlled value.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Validation of Array Index
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel