Skip to main content

Linux CVE-2025-71270

| EUVDEUVD-2025-208844 MEDIUM
2026-03-18 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 21, 2026 - 18:37 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 18:00 euvd
EUVD-2025-208844
Analysis Generated
Mar 18, 2026 - 18:00 vuln.today
CVE Published
Mar 18, 2026 - 17:40 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: Enable exception fixup for specific ADE subcode

This patch allows the LoongArch BPF JIT to handle recoverable memory access errors generated by BPF_PROBE_MEM* instructions.

When a BPF program performs memory access operations, the instructions it executes may trigger ADEM exceptions. The kernel’s built-in BPF exception table mechanism (EX_TYPE_BPF) will generate corresponding exception fixup entries in the JIT compilation phase; however, the architecture-specific trap handling function needs to proactively call the common fixup routine to achieve exception recovery.

do_ade(): fix EX_TYPE_BPF memory access exceptions for BPF programs, ensure safe execution.

Relevant test cases: illegal address access tests in module_attach and subprogs_extable of selftests/bpf.

AnalysisAI

This vulnerability is a missing exception fixup handler in the LoongArch architecture's BPF JIT compiler that fails to properly recover from memory access exceptions (ADEM) triggered by BPF_PROBE_MEM* instructions. The Linux kernel on LoongArch systems (CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*) is affected, potentially allowing information disclosure or denial of service when BPF programs attempt to safely probe memory locations. This is not actively exploited (no KEV status), but patches are available across multiple stable kernel branches.

Technical ContextAI

The LoongArch CPU architecture uses ADEM (Address Error Memory) exceptions to signal memory access violations. The Linux kernel implements a BPF exception handling mechanism (EX_TYPE_BPF) that generates fixup entries during BPF JIT compilation to gracefully handle memory access faults from BPF_PROBE_MEM* instructions—a feature intended to allow safe speculative memory reads in eBPF programs. However, the architecture-specific trap handler (do_ade function) was not configured to invoke the common BPF exception recovery routine, leaving JIT-compiled BPF programs unable to recover from ADEM exceptions. This is a missing integration point between the LoongArch exception handling layer and the kernel's cross-architecture BPF exception framework, not a fundamental algorithmic flaw. The root cause relates to incomplete implementation of exception recovery semantics rather than a memory safety or access control bypass.

RemediationAI

Update the Linux kernel to a version that includes the BPF JIT exception fixup patches for LoongArch. Check your distribution's security advisories and kernel release notes for the specific version that includes commits from the git.kernel.org stable branch references (b9d9a221bd14, 73ede654d9da, c49a2806836, c2ed4f71e928, or 9bdc1ab5e4ce). For systems where immediate kernel updates are not possible, restrict BPF program loading to trusted sources by enforcing CAP_BPF-based access controls and disabling unprivileged BPF loading via the kernel.unprivileged_bpf_disabled sysctl parameter. Validate that any deployed BPF programs do not rely on BPF_PROBE_MEM* instructions to perform memory access error recovery until the patch is applied.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm fixed 6.1.164-1 -
bookworm (security) fixed 6.1.164-1 -
trixie fixed 6.12.73-1 -
trixie (security) fixed 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.18.10-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2025-71270 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy