Linux Kernel KASAN Stack-Out-Of-Bounds Vulnerability in RISC-V Architecture

Vulnerability

A stack-out-of-bounds vulnerability has been identified in the Linux kernel's RISC-V architecture, specifically when the CONFIG_FRAME_POINTER option is disabled. In this scenario, the stack unwinding function 'walk_stackframe' can unpredictably read stack data. If Kernel Address Sanitizer (KASAN) is enabled, this improper stack handling can trigger a KASAN error, indicating a bad memory access. The issue arises because the stack unwinding process does not accurately track stack frames, leading to potential memory corruption or undefined behavior.
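A simplified user-space model of the behaviour described above, added here as an illustration and not taken from the kernel source: without frame pointers the unwinder is modelled as a linear scan that reads every stack word, so an instrumented read also lands on the redzones KASAN places around local variables. The stack image, text range, shadow map and all names are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Everything here is constructed for illustration; it is not kernel code. */
#define STACK_WORDS 12
#define TEXT_START  0x80000000u   /* assumed "kernel text" range */
#define TEXT_END    0x80100000u

/* Constructed stack image: index 0 is the current sp, last index is the stack top. */
static const uint32_t stack_img[STACK_WORDS] = {
    0x00000007, 0x80001234,             /* local, saved ra                    */
    0xdeadbeef, 0x41414141, 0xdeadbeef, /* redzone, char buffer, redzone      */
    0x80004560, 0x00000000,             /* saved ra, padding                  */
    0xdeadbeef, 0x80000abc, 0xdeadbeef, /* redzone, function-pointer local, redzone */
    0x80008888, 0x00000001,             /* saved ra, local                    */
};

/* Constructed shadow map: true marks a word KASAN would treat as poisoned. */
static const bool poisoned[STACK_WORDS] = {
    false, false, true, false, true, false, false, true, false, true, false, false,
};

struct scan_result { int pcs_found; int poisoned_reads; };

static bool is_text(uint32_t v) { return v >= TEXT_START && v < TEXT_END; }

/* Scan from sp to the stack top. With instrumented == true every load is
 * checked against the shadow map, as a KASAN-instrumented read would be;
 * with false it models an uninstrumented load such as READ_ONCE_NOCHECK(). */
struct scan_result scan_stack(size_t sp, bool instrumented)
{
    struct scan_result r = {0, 0};
    for (size_t i = sp; i < STACK_WORDS; i++) {
        if (instrumented && poisoned[i])
            r.poisoned_reads++;      /* KASAN would report stack-out-of-bounds here */
        if (is_text(stack_img[i]))
            r.pcs_found++;           /* any text-like word is taken as a return address */
    }
    return r;
}

int main(void)
{
    struct scan_result a = scan_stack(0, true), b = scan_stack(0, false);
    printf("instrumented:   %d pcs, %d poisoned reads\n", a.pcs_found, a.poisoned_reads);
    printf("uninstrumented: %d pcs, %d poisoned reads\n", b.pcs_found, b.poisoned_reads);
    return 0;
}
```

In this model both scans return the same candidate return addresses, including the function-pointer local that is not a real frame; only the instrumented scan trips the sanitizer.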

Impact

Exploitation of this vulnerability can cause a stack-out-of-bounds error, reported by KASAN as a bad memory access. This type of error can lead to memory corruption, introduce further vulnerabilities, or allow security mechanisms to be bypassed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.