Kernel Vulnerability in Linux for RISC-V Architecture
CVE-2025-38433

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38433?

A vulnerability exists in the Linux kernel related to RISC-V architecture, where the __runtime_fixup_32 function fails to manage zero values appropriately. This results in garbage data residing in registers that are intended to store pointers, leading to potential kernel panics when an invalid pointer is accessed. The flaw primarily affects nommu kernels, particularly when dealing with physical addresses below the 4GiB boundary. The root cause lies in the failure to modify the instruction flow adequately based on the required conditions, potentially jeopardizing system stability.

Affected Version(s)

Linux a44fb5722199de8338d991db5ad3d509192179bb < 0a24b00dcde83934a3cc13e4c6b775522903496b

Linux a44fb5722199de8338d991db5ad3d509192179bb < 8d90d9872edae7e78c3a12b98e239bfaa66f3639

Linux 6.15

References

https://git.kernel.org/stable/c/0a24b00dcde83934a3cc13e4c...

https://git.kernel.org/stable/c/8d90d9872edae7e78c3a12b98...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025