Linux Kernel LoongArch KVM User-Space CPU Number Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's KVM component for LoongArch architecture has been addressed. This issue involved inadequate validation of the 'num_cpu' parameter from user space, which could lead to array pointer overflow. The vulnerability was particularly relevant to the EIOINTC_IRQCHIP, where the maximum supported CPU number is defined by EIOINTC_ROUTE_MAX_VCPUS.

Impact

The vulnerability could have allowed for array pointer overflow, potentially leading to memory corruption or other unintended behavior.

Added: Jul 25, 2025, 3:11 PM

Updated: Jul 25, 2025, 7:24 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel LoongArch KVM User-Space CPU Number Validation Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating