Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's handling of BPF kfunc calls on the LoongArch architecture. kfunc calls are native calls, but they do not properly follow the LoongArch calling conventions, which can lead to kernel panics. The vulnerability affects several versions of the Linux kernel.
The vulnerability can cause a kernel panic, disrupting system operations and potentially leading to a denial of service.
To reproduce this vulnerability, invoke a BPF kfunc call on a LoongArch system without proper sign extension of the call arguments. This can be done by creating a BPF program that calls a kfunc and deploying it on a LoongArch Linux kernel version prior to the patch.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.
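The calling-convention mismatch described above, modeled in user-space C as an added example (not code from the kernel or from the patch): a callee that trusts the full 64-bit argument register misreads a narrow signed value that was never sign-extended. The helper names, the zero-extended starting state and the table bound are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t reg_t;            /* model of one 64-bit argument register */
#define TABLE_LEN 8                /* constructed bound used by the callee */

/* Hypothetical fix-up: widen the low `size` bytes of a register in place.
 * Assumption: the native ABI wants signed narrow arguments sign-extended. */
static reg_t abi_extend(reg_t r, unsigned size, int is_signed)
{
    if (size >= 8)
        return r;
    reg_t mask = (1ULL << (8 * size)) - 1;
    reg_t sign = 1ULL << (8 * size - 1);
    r &= mask;                                  /* zero-extend first */
    return is_signed ? (r ^ sign) - sign : r;   /* then propagate the sign bit */
}

/* Assumption: the caller's 32-bit value sits zero-extended in the register. */
static reg_t caller_reg_without_ext(int32_t v)
{
    return (reg_t)(uint32_t)v;
}

/* Callee built for the native ABI: it trusts all 64 bits of the register
 * and does not re-extend. Returns 0 if the index is in range, -1 if not. */
static int callee_index_ok(reg_t arg_reg, int64_t base)
{
    int64_t idx = base + (int64_t)arg_reg;
    return (idx >= 0 && idx < TABLE_LEN) ? 0 : -1;
}

int main(void)
{
    reg_t raw = caller_reg_without_ext(-1);     /* low 32 bits set, high 32 clear */
    reg_t fixed = abi_extend(raw, 4, 1);        /* all 64 bits set */

    printf("raw   reg=%#018llx status=%d\n",
           (unsigned long long)raw, callee_index_ok(raw, 4));
    printf("fixed reg=%#018llx status=%d\n",
           (unsigned long long)fixed, callee_index_ok(fixed, 4));
    return 0;
}
```

In the model, the unextended register turns an intended offset of -1 into a large positive one, which is the kind of misread that becomes a bad memory access inside a real native callee.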