CVE-2025-39815
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39815
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39815.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39815
- Downstream
- Published
- 2025-09-16T13:00:16.250Z
- Modified
- 2025-11-17T01:55:47.544066Z
- Summary
- RISC-V: KVM: fix stack overrun when loading vlenb
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
RISC-V: KVM: fix stack overrun when loading vlenb
The userspace load can put up to 2048 bits into an xlen bit stack buffer. We want only xlen bits, so check the size beforehand.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2fa290372dfe7dd248b1c16f943f273a3e674f22Fixedc76bf8359188a11f8fd790e5bbd6077894a245cc
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2fa290372dfe7dd248b1c16f943f273a3e674f22Fixed6d28659b692a0212f360f8bd8a58712b339f9aac
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2fa290372dfe7dd248b1c16f943f273a3e674f22Fixed799766208f09f95677a9ab111b93872d414fbad7
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.16.1
v6.16.2
v6.16.3
v6.16.4
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"id": "CVE-2025-39815-7c9b0f03",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d28659b692a0212f360f8bd8a58712b339f9aac",
"digest": {
"threshold": 0.9,
"line_hashes": [
"221746391669732134680163608625899196830",
"87573243582660954218866280051907891248",
"191583444602938268251537590533612556731"
]
},
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "arch/riscv/kvm/vcpu_vector.c"
}
},
{
"id": "CVE-2025-39815-8fc1cd63",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d28659b692a0212f360f8bd8a58712b339f9aac",
"digest": {
"function_hash": "132546180472947406729675958494068304612",
"length": 762.0
},
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "arch/riscv/kvm/vcpu_vector.c",
"function": "kvm_riscv_vcpu_set_reg_vector"
}
},
{
"id": "CVE-2025-39815-8fe6dd73",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@799766208f09f95677a9ab111b93872d414fbad7",
"digest": {
"function_hash": "132546180472947406729675958494068304612",
"length": 762.0
},
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "arch/riscv/kvm/vcpu_vector.c",
"function": "kvm_riscv_vcpu_set_reg_vector"
}
},
{
"id": "CVE-2025-39815-a5b37399",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c76bf8359188a11f8fd790e5bbd6077894a245cc",
"digest": {
"function_hash": "132546180472947406729675958494068304612",
"length": 762.0
},
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "arch/riscv/kvm/vcpu_vector.c",
"function": "kvm_riscv_vcpu_set_reg_vector"
}
},
{
"id": "CVE-2025-39815-d041a0c1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c76bf8359188a11f8fd790e5bbd6077894a245cc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"221746391669732134680163608625899196830",
"87573243582660954218866280051907891248",
"191583444602938268251537590533612556731"
]
},
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "arch/riscv/kvm/vcpu_vector.c"
}
},
{
"id": "CVE-2025-39815-eb7c5c1d",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@799766208f09f95677a9ab111b93872d414fbad7",
"digest": {
"threshold": 0.9,
"line_hashes": [
"221746391669732134680163608625899196830",
"87573243582660954218866280051907891248",
"191583444602938268251537590533612556731"
]
},
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "arch/riscv/kvm/vcpu_vector.c"
}
}
]