Linux Kernel Vulnerability in RISC-V Architecture from Major Vendor
CVE-2025-38261

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-38261?

A vulnerability in the Linux kernel affects the RISC-V architecture, where improper handling of thread/task switches leads to kernel access issues during high-load scenarios. The problem is exemplified by a crash occurring in the schedule_tail function due to the put_user() macro's misuse. This flaw can cause the SR_SUM state to be altered unexpectedly, risking system stability. The kernel code has been updated to evaluate arguments of critical user access functions before enabling user access, thus ensuring better resource management and preventing potential crashes in future implementations.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 69ea599a8dab93a620c92c255be4239a06290a77

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 788aa64c01f1262310b4c1fb827a36df170d86ea

Linux 6.15.5 <= 6.15.*

References

https://git.kernel.org/stable/c/69ea599a8dab93a620c92c255...

https://git.kernel.org/stable/c/788aa64c01f1262310b4c1fb8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Apr 16, 2025