How this CVE works:
The vulnerability exists in the KVM (Kernel Virtual Machine) subsystem for the LoongArch CPU architecture. When handling interrupts for the Extended I/O Interrupt Controller (EIOINTC), the code does not properly validate the `num_cpu` value supplied by a user-space process. An attacker with privileges to create and run a VM could supply a large, malicious CPU number. This unchecked value is used as an array index, leading to an out-of-bounds read or write. Such an out-of-bounds access can corrupt kernel memory, potentially resulting in a denial of service (system crash) or allowing arbitrary code execution in kernel context, compromising the entire host system.
Platform: Linux Kernel
Version: LoongArch KVM
Vulnerability: Input Validation
Severity: Medium
Date: 2025-07-25
Prediction: Patch expected by 2025-08-08
What Undercode Says:
`cat /proc/cpuinfo | grep -i loong`
`dmesg | grep -i kvm`
`grep -r "EIOINTC_ROUTE_MAX_VCPUS" /usr/src/linux-headers-/`
How the exploit works:
Malicious user-space program configures KVM irqchip with oversized `num_cpu` value, triggering kernel memory corruption via array index overflow.
Protection from this CVE:
Update kernel to patched version containing the validation check for `num_cpu` against EIOINTC_ROUTE_MAX_VCPUS. Restrict untrusted user access to /dev/kvm.
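The flaw described above and the fix described here come down to one missing comparison. The following is an added illustration, not code from the Linux kernel or from Undercode: a constructed model of a per-VM EIOINTC state with a fixed-size per-CPU array, the unchecked pattern that trusts `num_cpu` from user space, and the hardened pattern that rejects values above EIOINTC_ROUTE_MAX_VCPUS with -EINVAL before any indexing. The struct layout, the function names and the numeric value given to EIOINTC_ROUTE_MAX_VCPUS are assumptions made for this example; the real limit lives in your kernel headers (the grep above finds it).

```c
/*
 * Added example, not the Linux kernel's code: a constructed model of the
 * missing num_cpu bounds check. The struct, the function names and the
 * numeric value used for EIOINTC_ROUTE_MAX_VCPUS are assumptions for this
 * illustration only.
 */
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define EIOINTC_ROUTE_MAX_VCPUS 256   /* assumed value for this example */

/* Constructed stand-in for the per-VM controller state. */
struct eiointc_model {
    uint32_t num_cpu;
    uint8_t  cpu_route[EIOINTC_ROUTE_MAX_VCPUS];   /* indexed by cpu number */
};

/*
 * Flawed pattern: num_cpu arrives straight from a user-space ioctl argument
 * and becomes the loop bound over a fixed-size array, so any value above the
 * array length writes past cpu_route. Kept here for contrast only; the test
 * exercises the hardened version.
 */
void eiointc_set_num_cpu_unchecked(struct eiointc_model *s, uint32_t num_cpu)
{
    s->num_cpu = num_cpu;
    for (uint32_t i = 0; i < num_cpu; i++)
        s->cpu_route[i] = 1;                    /* out of bounds once i >= 256 */
}

/*
 * Hardened pattern: validate against the architectural limit before touching
 * the array and fail closed with -EINVAL so user space gets a clean error.
 */
int eiointc_set_num_cpu(struct eiointc_model *s, uint32_t num_cpu)
{
    if (num_cpu == 0 || num_cpu > EIOINTC_ROUTE_MAX_VCPUS)
        return -EINVAL;

    s->num_cpu = num_cpu;
    memset(s->cpu_route, 0, sizeof(s->cpu_route));
    for (uint32_t i = 0; i < num_cpu; i++)      /* i < 256 is now guaranteed */
        s->cpu_route[i] = 1;
    return 0;
}

/* Count routed cpus so a caller can confirm exactly num_cpu entries were set. */
uint32_t eiointc_routed_count(const struct eiointc_model *s)
{
    uint32_t n = 0;
    for (size_t i = 0; i < sizeof(s->cpu_route); i++)
        n += s->cpu_route[i];
    return n;
}

/*
 * Convenience entry point: apply num_cpu to a fresh model and return how many
 * cpus were routed, or the negative errno from the validation step.
 */
int eiointc_apply(uint32_t num_cpu)
{
    struct eiointc_model s;
    int rc = eiointc_set_num_cpu(&s, num_cpu);
    return rc < 0 ? rc : (int)eiointc_routed_count(&s);
}
```

The check sits before the first array access, compares against the same constant that sizes the array, and rejects zero as well as oversized values; that ordering is what a reviewer should look for when confirming a backported fix.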
Impact:
Kernel memory corruption, host system crash, potential privilege escalation.
Sources:
Reported By: nvd.nist.gov