Linux Kernel Vulnerability in RISC-V Vector Context Management
CVE-2025-38435

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38435?

A vulnerability exists in the Linux kernel where the context save/restore functionality for RISC-V vector registers was not implemented correctly. Specifically, while registers v0-v7 were appropriately saved and restored, registers v8-v31 were left in an inconsistent state, leading to potential corruption of userspace processes. This flaw necessitates an update to ensure proper handling of all relevant vector registers to maintain system stability and security.

Affected Version(s)

Linux d863910eabaffc68eb28aaf476dd870fc3f7197d

Linux d863910eabaffc68eb28aaf476dd870fc3f7197d < 4262bd0d9cc704ea1365ac00afc1272400c2cbef

Linux 6.14

References

https://git.kernel.org/stable/c/dd5ceea8d50e9e108a10d1e0d...

https://git.kernel.org/stable/c/4262bd0d9cc704ea1365ac00a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025