Vulnerability in Linux Kernel Affects RISC-V Architecture
CVE-2025-40065

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-40065?

A vulnerability in the Linux kernel impacts systems using the RISC-V architecture. The flaw relates to improper handling of the hgatp register when the mode is set to Bare. Specifically, software must write zero to the remaining fields of the hgatp register under these conditions. Failure to address this could expose systems to security risks during virtual machine management, as it relies on detecting valid modes supported by hardware.

Affected Version(s)

Linux fd7bb4a251dfc1da3496bf59a4793937c13e8c1f

Linux fd7bb4a251dfc1da3496bf59a4793937c13e8c1f < 2b351e3d04be9e1533f26c3464f1e44a5beace30

Linux 5.16

References

https://git.kernel.org/stable/c/d00b61cd37f4c183ce0edbc9f...

https://git.kernel.org/stable/c/2b351e3d04be9e1533f26c346...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Apr 16, 2025

JSON