CVE-2025-40358

2025-12-16 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Lifecycle Timeline

Patch Released: Mar 25, 2026 - 19:32 (nvd) - Patch available
Analysis Generated: Mar 25, 2026 - 11:22 (vuln.today)
CVE Published: Dec 16, 2025 - 14:15 (nvd)

Description

In the Linux kernel, the following vulnerability has been resolved:

riscv: stacktrace: Disable KASAN checks for non-current tasks

Unwinding the stack of a task other than current, KASAN would report
"BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460"

There is a same issue on x86 and has been resolved by the commit 84936118bdf3 ("x86/unwind: Disable KASAN checks for non-current tasks"). The solution could be applied to RISC-V too.

This patch also can solve the issue: https://seclists.org/oss-sec/2025/q4/23

[[email protected]: clean up checkpatch issues]

Analysis

Linux kernel stack unwinding on the RISC-V architecture triggers false KASAN (Kernel Address Sanitizer) out-of-bounds reports when walking the stack of a non-current task, causing denial of service through spurious memory-safety violation reports. The vulnerability affects RISC-V systems running vulnerable kernel versions and is resolved by disabling KASAN checks during stack unwinding for tasks other than the currently executing one, mirroring a defect previously fixed on x86. No public exploit code has been identified; the EPSS score of 0.03% (percentile 7%) indicates minimal real-world exploitation probability, though Ubuntu has released security notices (USN-8126-1 and USN-8125-1), suggesting coordinated patching across distributions.

Technical Context

The vulnerability resides in the RISC-V stack unwinding code (the walk_stackframe function) in the Linux kernel's architecture-specific implementation. KASAN is a dynamic memory-safety checker integrated into the kernel that instruments memory accesses to detect out-of-bounds reads and writes. When unwinding the stack of a non-current task (a process other than the one actively executing), the unwinder reads stack memory that KASAN instruments as usual, but these reads occur in a debugging context where the normal assumptions about the memory layout do not hold. The root cause is improper instrumentation scope: KASAN should not validate the unwinder's memory accesses during stack frame enumeration for kernel introspection. The issue is classified under a buffer overflow CWE category because the symptom is a false out-of-bounds detection, although the underlying mechanism is instrumentation misconfiguration rather than actual memory corruption. The fix disables KASAN checks on the unwinder's reads for non-current tasks, consistent with the x86 resolution in commit 84936118bdf3.

Affected Products

Linux kernel versions incorporating the vulnerable RISC-V stack unwinding implementation are affected. Patched stable kernel commits are available at git.kernel.org: 060ea84a484e852b52b938f234bf9b5503a6c910, 27379fcc15a10d3e3780fe79ba3fc7ed1ccd78e2, 2c8d2b53866fb229b438296526ef0fa5a990e5e5, ef4d626ac59a56f8ec5cc09c1fef26f2923eec6f, and f34ba22989da61186f30a40b6a82e0b3337b96fc. Ubuntu systems are covered under security notices USN-8125-1 and USN-8126-1, indicating that Ubuntu releases shipping affected kernel versions require patching. Exact affected version ranges are not given in the source data, but the presence of fixes on multiple stable branches indicates the vulnerability spans several kernel versions on RISC-V. Users operating RISC-V systems should consult their distribution's advisory (e.g., the Ubuntu USN notices) to identify affected versions.

Remediation

Apply the upstream kernel fix by upgrading to a patched kernel version that incorporates one of the referenced commits (060ea84a484e852b52b938f234bf9b5503a6c910, 27379fcc15a10d3e3780fe79ba3fc7ed1ccd78e2, 2c8d2b53866fb229b438296526ef0fa5a990e5e5, ef4d626ac59a56f8ec5cc09c1fef26f2923eec6f, f34ba22989da61186f30a40b6a82e0b3337b96fc). For Ubuntu users, apply the updates referenced in USN-8125-1 and USN-8126-1 through standard package management (apt-get update && apt-get upgrade linux-image-*). For other distributions, consult the vendor's security advisory and kernel update channels. No workaround short of patching is available, since the issue requires a kernel code change. If immediate patching is delayed and KASAN is not critical to your security posture, build the kernel without KASAN (CONFIG_KASAN=n at kernel build time); note that this removes memory-safety instrumentation coverage globally. Verify deployment by checking the running kernel version with uname -r and cross-referencing it against the distribution's stable kernel release notes to confirm it contains the fix.

Priority Score

Priority Score: 0 (KEV: 0, EPSS: +0.0, CVSS: +0, POC: 0)
