CVE-2025-71203
Speculative Execution Side-Channel in Linux riscv Syscall Handling

Publication date: 2026-02-14

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

riscv: Sanitize syscall table indexing under speculation

The syscall number is a user-controlled value used to index into the syscall table. Use array_index_nospec() to clamp this value after the bounds check to prevent speculative out-of-bounds access and subsequent data leakage via cache side channels.
Meta Information
Published: 2026-02-14
Last Modified: 2026-03-25
Generated: 2026-05-07
AI Q&A: 2026-02-14
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.10 (exc)
linux linux_kernel From 6.4 (inc) to 6.12.70 (exc)
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel on the RISC-V architecture. It involves the use of a user-controlled syscall number to index into the syscall table. Without proper sanitization, this can lead to speculative out-of-bounds access, which may allow data leakage through cache side channels. The fix involves using array_index_nospec() to clamp the syscall number after the bounds check, preventing speculative execution from accessing invalid memory locations.
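The clamp described above, as an added user-space C model (not the kernel's or this page's own code): the bounds check is a branch the CPU can mispredict, while the mask is a data dependency that forces any out-of-range index to 0 even on a mispredicted path. The table, its size, the `demo_*` names and the `-ENOSYS` return are assumptions made for illustration; the mask arithmetic follows the kernel's generic C fallback for `array_index_nospec()`.

```c
#include <errno.h>
#include <stdio.h>

#define BITS_PER_LONG ((int)(sizeof(long) * 8))
#define NR_DEMO 4UL /* constructed table size, not the real syscall count */

/* All-ones if index < size, else 0, computed with no branch to mispredict.
 * Assumes size <= LONG_MAX and arithmetic right shift of negative values
 * (gcc/clang), as the kernel's generic C fallback does. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Stop the optimizer from proving the mask is all-ones after the bounds
     * check and deleting it; it does not model speculative execution. */
    __asm__ volatile("" : "+r"(index));
    return (unsigned long)(~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1));
}

/* In-bounds indexes pass through unchanged; anything else becomes 0. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

typedef long (*demo_fn)(void);
static long demo0(void) { return 100; }
static long demo1(void) { return 101; }
static long demo2(void) { return 102; }
static long demo3(void) { return 103; }
static const demo_fn demo_table[NR_DEMO] = { demo0, demo1, demo2, demo3 };

/* Hypothetical dispatcher: bounds check first, then clamp, then index. */
static long demo_dispatch(unsigned long nr)
{
    if (nr >= NR_DEMO)
        return -ENOSYS; /* assumed error value for this model */
    nr = index_nospec(nr, NR_DEMO);
    return demo_table[nr]();
}

int main(void)
{
    unsigned long samples[] = { 0, 3, 4, ~0UL }; /* constructed inputs */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("nr=%lu mask=%#lx clamped=%lu ret=%ld\n", samples[i],
               index_mask_nospec(samples[i], NR_DEMO),
               index_nospec(samples[i], NR_DEMO), demo_dispatch(samples[i]));
    return 0;
}
```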


How can this vulnerability impact me?

This vulnerability can potentially allow an attacker to leak sensitive data from the kernel memory by exploiting speculative execution and cache side channels. Since the syscall number is user-controlled, an attacker could manipulate it to access data beyond the intended bounds, leading to unauthorized information disclosure.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know

