CVE-2025-71203

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

riscv: Sanitize syscall table indexing under speculation

The syscall number is a user-controlled value used to index into the syscall table. Use array_index_nospec() to clamp this value after the bounds check to prevent speculative out-of-bounds access and subsequent data leakage via cache side channels.

EPSS Score: 0.00126 (0.027)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Validation of Array Index


NIST

CREATED

UPDATED

EXPLOITABILITY SCORE

1

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7high

Debian

CREATED

UPDATED

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

EXPLOITABILITY SCORE

1.0

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7medium

Oracle

CREATED

UPDATED

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Photon

CREATED

UPDATED

ADVISORY ID

CVE-2025-71203

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7high