Kernel Vulnerability in Linux Affecting RISC-V Architecture by Sophgo
CVE-2025-38407

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38407?

A vulnerability in the Linux kernel's RISC-V architecture can disrupt the NUMA boot process on Sophgo's SG2042. This issue arises when the page percpu allocator is unexpectedly utilized during sparse configurations, which leads to the improper assumption of the physical address for the boot data. As a result, certain CPUs may attempt to access invalid memory addresses, causing them to hang during the boot sequence. A fix has been implemented by statically allocating an array for boot data, thus preventing these invalid accesses and ensuring a successful NUMA-enabled SMP boot.

Affected Version(s)

Linux 6b9f29b81b155af023da95f560f738f29722b306

Linux 6b9f29b81b155af023da95f560f738f29722b306 < 02c725cd55eb5052b88eeaa3f60a391ef4dcaec5

Linux 6b9f29b81b155af023da95f560f738f29722b306 < 2b29be967ae456fc09c320d91d52278cf721be1e

References

https://git.kernel.org/stable/c/f5fe094f35a37adea40b2fd52...

https://git.kernel.org/stable/c/02c725cd55eb5052b88eeaa3f...

https://git.kernel.org/stable/c/2b29be967ae456fc09c320d91...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025