CVE-2025-71109

EPSS 0.02%
Veröffentlicht 14.01.2026 15:15:59
Zuletzt bearbeitet 14.01.2026 16:25:12
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits

Since commit e424054000878 ("MIPS: Tracing: Reduce the overhead of
dynamic Function Tracer"), the macro UASM_i_LA_mostly has been used,
and this macro can generate more than 2 instructions. At the same
time, the code in ftrace assumes that no more than 2 instructions can
be generated, which is why it stores them in an int[2] array. However,
as previously noted, the macro UASM_i_LA_mostly (and now UASM_i_LA)
causes a buffer overflow when _mcount is beyond 32 bits. This leads to
corruption of the variables located in the __read_mostly section.

This corruption was observed because the variable
__cpu_primary_thread_mask was corrupted, causing a hang very early
during boot.

This fix prevents the corruption by avoiding the generation of
instructions if they could exceed 2 instructions in
length. Fortunately, insn_la_mcount is only used if the instrumented
code is located outside the kernel code section, so dynamic ftrace can
still be used, albeit in a more limited scope. This is still
preferable to corrupting memory and/or crashing the kernel.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < e3e33ac2eb69d595079a1a1e444c2fb98efdd42d

Version e424054000878d7eb11e44289242886d6e219d22

Status affected

Version < 7f39b9d0e86ed6236b9a5fb67616ab1f76c4f150

Version e424054000878d7eb11e44289242886d6e219d22

Status affected

Version < 36dac9a3dda1f2bae343191bc16b910c603cac25

Version e424054000878d7eb11e44289242886d6e219d22

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.35

Status affected

Version < 2.6.35

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.64

Status unaffected

Version <= 6.18.*

Version 6.18.3

Status unaffected

Version <= *

Version 6.19-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.05

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/36dac9a3dda1f2bae343191bc16b910c603cac25

https://git.kernel.org/stable/c/7f39b9d0e86ed6236b9a5fb67616ab1f76c4f150

https://git.kernel.org/stable/c/e3e33ac2eb69d595079a1a1e444c2fb98efdd42d

https://nvd.nist.gov/vuln/detail/CVE-2025-71109

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-71109

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-71109

EUVD