CVE-2025-37966 — Resource Exposure in Linux
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.1%
top 71.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 20
Latest updateAug 28
Description
In the Linux kernel, the following vulnerability has been resolved:
riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL
When userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is not
available, the kernel crashes:
Oops - illegal instruction [#1]
[snip]
epc : set_tagged_addr_ctrl+0x112/0x15a
ra : set_tagged_addr_ctrl+0x74/0x15a
epc : ffffffff80011ace ra : ffffffff80011a30 sp : ffffffc60039be10
[snip]
status: 0000000200000120 badaddr: 0000000010a79073 cause: 0000000000000002
set_tagg…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
▶CVEListV5linux/linux09d6775f503b393d0457c7126aa43208e1724004 — 4b595a2f5656cd45d534ed2160c94f7662adefe5+2
Patches
🔴Vulnerability Details
5OSV▶
linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime vulnerabilities↗2025-08-18
OSV▶
CVE-2025-37966: In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL When userspace does PR_SET_↗2025-05-20
GHSA▶
GHSA-w7gq-mpq5-98vw: In the Linux kernel, the following vulnerability has been resolved:
riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL
When userspace does PR_SE↗2025-05-20
📋Vendor Advisories
5Debian▶
CVE-2025-37966: linux - In the Linux kernel, the following vulnerability has been resolved: riscv: Fix ...↗2025