CVE-2025-38435
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-25

Last updated on: 2025-11-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: riscv: vector: Fix context save/restore with xtheadvector Previously only v0-v7 were correctly saved/restored, and the context of v8-v31 are damanged. Correctly save/restore v8-v31 to avoid breaking userspace.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-25
Last Modified
2025-11-19
Generated
2026-05-07
AI Q&A
2025-07-25
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38435
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's RISC-V vector implementation. The issue was that the context save and restore functions only correctly handled vector registers v0 through v7, while registers v8 through v31 were not properly saved or restored. This could lead to corruption of the context for v8-v31, potentially causing userspace applications relying on these registers to malfunction. The fix ensures that all vector registers v0 through v31 are correctly saved and restored.


How can this vulnerability impact me? :

If you are running software on a Linux kernel with RISC-V vector support, this vulnerability could cause corruption of vector register state (v8-v31) during context switches. This may lead to incorrect behavior or crashes in userspace applications that use these vector registers, potentially causing instability or data corruption in those applications.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart