CVE-2025-38435

EUVD-2025-22711
In the Linux kernel, the following vulnerability has been resolved:

riscv: vector: Fix context save/restore with xtheadvector

Previously only v0-v7 were correctly saved/restored,
and the context of v8-v31 are damanged.
Correctly save/restore v8-v31 to avoid breaking userspace.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.14 ≤
𝑥
< 6.15.5
linuxlinux_kernel
6.16:rc1
linuxlinux_kernel
6.16:rc2
linuxlinux_kernel
6.16:rc3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.172-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-5
fixed
forky
7.0.7-1
fixed
sid
7.0.7-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.88-1
fixed
References
https://git.kernel.org/stable/c/4262bd0d9cc704ea1365ac00afc1272400c2cbef
https://git.kernel.org/stable/c/dd5ceea8d50e9e108a10d1e0d89fa2c9ff442ca2