CVE-2025-37822

Severity: HIGH 7.8 (CVSS 3.1)
2025-05-08 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
Patch Released: Mar 17, 2026 - 20:45 (nvd), patch available
CVE Published: May 08, 2025 - 07:15 (nvd), HIGH 7.8

Description (NVD)

In the Linux kernel, the following vulnerability has been resolved:

riscv: uprobes: Add missing fence.i after building the XOL buffer

The XOL (execute out-of-line) buffer is used to single-step the replaced instruction(s) for uprobes. The RISC-V port was missing a proper fence.i (i$ flushing) after constructing the XOL buffer, which can result in incorrect execution of stale/broken instructions.

This was found running the BPF selftests "test_progs: uprobe_autoattach, attach_probe" on the Spacemit K1/X60, where the uprobes tests randomly blew up.

Analysis (AI)

A vulnerability in the Linux kernel's RISC-V architecture implementation causes incorrect execution of uprobes because the instruction cache is not flushed after the XOL (execute out-of-line) buffer is built. This affects Linux kernel versions from 6.4 up to 6.15-rc3 on RISC-V systems, potentially allowing local attackers with low privileges to achieve complete system compromise through code execution, information disclosure, or denial of service. The vulnerability has a low EPSS score of 0.07%, indicating minimal real-world exploitation activity currently.

Technical Context (AI)

The vulnerability occurs in the RISC-V port of the Linux kernel's uprobes implementation, specifically in the XOL buffer construction process. Uprobes allow dynamic tracing by replacing instructions with breakpoints, and the XOL buffer is used to single-step the original instructions. The missing fence.i instruction, which synchronizes the instruction cache with memory modifications, means the processor can execute stale or corrupted instructions from the cache instead of the newly constructed XOL buffer content. This architecture-specific issue was discovered during BPF selftests on Spacemit K1/X60 hardware, where uprobe tests would randomly fail.

Remediation (AI)

Apply the available kernel patches immediately on all RISC-V-based Linux systems by upgrading to kernel versions 6.4.16 or later for the 6.4 branch, 6.5.4 or later for the 6.5 branch, or the latest stable release for your kernel branch that includes the fence.i fix (see https://git.kernel.org/stable/c/be6d98766ac952d38241d5a5b213f363afa421c3 and related commits). For systems that cannot be immediately patched, consider disabling or restricting access to uprobe functionality if not required for operations. Monitor system logs for unexpected crashes or behavior in uprobe-related operations as potential indicators of exploitation attempts.
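
A host triage helper for the conditions described above, added here as an example and not taken from the advisory or the kernel project. The classify function, its result labels and the --live flag are assumptions of this example; the 6.4 lower bound is the one stated on this page, and a "verify-fix" result still requires confirming with the kernel vendor that the fence.i fix is present.

```sh
#!/bin/sh
# Added example (not from the advisory): triage one host for CVE-2025-37822.
# classify ARCH RELEASE CONFIG_TEXT prints one of:
#   not-riscv         the bug is in the RISC-V uprobes port only
#   uprobes-disabled  CONFIG_UPROBES is off, so no XOL buffer is ever built
#   before-6.4        older than the affected range stated on this page
#   unknown-version   release string could not be parsed
#   verify-fix        RISC-V, uprobes available, 6.4 or newer: confirm the
#                     running kernel carries the fence.i fix
classify() {
    arch=$1; release=$2; config=$3
    case "$arch" in
        riscv32|riscv64) ;;
        *) echo "not-riscv"; return 0 ;;
    esac
    # An empty CONFIG_TEXT means the config was unreadable; assume uprobes
    # are enabled rather than reporting a false "disabled".
    if [ -n "$config" ] &&
       ! printf '%s\n' "$config" | grep -qx 'CONFIG_UPROBES=y'; then
        echo "uprobes-disabled"; return 0
    fi
    # Take the leading digits of the first two version components.
    major=${release%%.*}
    minor=${release#*.}; minor=${minor%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) echo "unknown-version"; return 0 ;; esac
    case "$minor" in '') echo "unknown-version"; return 0 ;; esac
    if [ "$major" -lt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -lt 4 ]; }; then
        echo "before-6.4"
    else
        echo "verify-fix"
    fi
}

# Kernel config of the running kernel, from the usual locations (may be empty).
read_config() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    fi
}

# Inspect the local host only when asked: sh triage.sh --live
if [ "${1:-}" = "--live" ]; then
    classify "$(uname -m)" "$(uname -r)" "$(read_config)"
fi
```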
