{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-71203","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-31T11:36:51.194Z","datePublished":"2026-02-14T16:27:02.513Z","dateUpdated":"2026-05-11T21:56:39.295Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:56:39.295Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Sanitize syscall table indexing under speculation\n\nThe syscall number is a user-controlled value used to index into the\nsyscall table. Use array_index_nospec() to clamp this value after the\nbounds check to prevent speculative out-of-bounds access and subsequent\ndata leakage via cache side channels."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/riscv/kernel/traps.c"],"versions":[{"version":"f0bddf50586da81360627a772be0e355b62f071e","lessThan":"33743ec6679aa364ee19d1afbaa50593e9e6e443","status":"affected","versionType":"git"},{"version":"f0bddf50586da81360627a772be0e355b62f071e","lessThan":"c45848936ebdb4fcab92f8c39510db83c16d0239","status":"affected","versionType":"git"},{"version":"f0bddf50586da81360627a772be0e355b62f071e","lessThan":"8b44e753795107a22ba31495686e83f4aca48f36","status":"affected","versionType":"git"},{"version":"f0bddf50586da81360627a772be0e355b62f071e","lessThan":"25fd7ee7bf58ac3ec7be3c9f82ceff153451946c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/riscv/kernel/traps.c"],"versions":[{"version":"6.4","status":"affected"},{"version":"0","lessThan":"6.4","status":"unaffected","versionType":"semver"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.70","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.10","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.6.130"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.12.70"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.18.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/33743ec6679aa364ee19d1afbaa50593e9e6e443"},{"url":"https://git.kernel.org/stable/c/c45848936ebdb4fcab92f8c39510db83c16d0239"},{"url":"https://git.kernel.org/stable/c/8b44e753795107a22ba31495686e83f4aca48f36"},{"url":"https://git.kernel.org/stable/c/25fd7ee7bf58ac3ec7be3c9f82ceff153451946c"}],"title":"riscv: Sanitize syscall table indexing under speculation","x_generator":{"engine":"bippy-1.2.0"}}}}