Linux Kernel RISC-V Access Validation Vulnerability Reversion

Vulnerability

A vulnerability in the Linux kernel's RISC-V architecture handling has been addressed by reverting a previous change that optimized user address validation. The original modification set the maximum user address to LONG_MAX, under the assumption that all user addresses are below this value. However, this oversight allowed certain invalid addresses to pass through the validation, as they were accepted by the 'get_user_pages_fast()' function, used by components like 'futex()'. The reversion restores the previous TASK_SIZE_MAX value, prioritizing correctness over performance.

Impact

The reversion of the optimization may lead to decreased performance in address validation, as the TASK_SIZE requires more computational resources compared to LONG_MAX.

Added: Jul 25, 2025, 4:04 PM

Updated: Jul 25, 2025, 4:04 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel RISC-V Access Validation Vulnerability Reversion

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating