{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-37966","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.974Z","datePublished":"2025-05-20T16:47:14.815Z","dateUpdated":"2026-05-11T21:18:41.061Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:18:41.061Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL\n\nWhen userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is not\navailable, the kernel crashes:\n\nOops - illegal instruction [#1]\n    [snip]\nepc : set_tagged_addr_ctrl+0x112/0x15a\n ra : set_tagged_addr_ctrl+0x74/0x15a\nepc : ffffffff80011ace ra : ffffffff80011a30 sp : ffffffc60039be10\n    [snip]\nstatus: 0000000200000120 badaddr: 0000000010a79073 cause: 0000000000000002\n    set_tagged_addr_ctrl+0x112/0x15a\n    __riscv_sys_prctl+0x352/0x73c\n    do_trap_ecall_u+0x17c/0x20c\n    andle_exception+0x150/0x15c\n\nFix it by checking if Supm is available."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/riscv/kernel/process.c"],"versions":[{"version":"09d6775f503b393d0457c7126aa43208e1724004","lessThan":"4b595a2f5656cd45d534ed2160c94f7662adefe5","status":"affected","versionType":"git"},{"version":"09d6775f503b393d0457c7126aa43208e1724004","lessThan":"ae08d55807c099357c047dba17624b09414635dd","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/riscv/kernel/process.c"],"versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","status":"unaffected","versionType":"semver"},{"version":"6.14.7","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.14.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4b595a2f5656cd45d534ed2160c94f7662adefe5"},{"url":"https://git.kernel.org/stable/c/ae08d55807c099357c047dba17624b09414635dd"}],"title":"riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL","x_generator":{"engine":"bippy-1.2.0"}}}}