Description
In the Linux kernel, the following vulnerability has been resolved:

LoongArch: Add spectre boundry for syscall dispatch table

The LoongArch syscall number is directly controlled by userspace, but
does not have a array_index_nospec() boundry to prevent access past the
syscall function pointer tables.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel on LoongArch processors, the syscall number is supplied by untrusted userspace and used directly as an index into the syscall dispatch table. The affected code path lacked a spectre boundary (array_index_nospec) that would normally restrict out‑of‑bounds speculatively executed reads. This omission allowed a local attacker to read kernel memory beyond the end of the table. Kernel memory contents could include sensitive data such as cryptographic keys or internal structures which might help the attacker elevate privileges. The vulnerability does not grant direct code execution; the immediate effect is read‑only leakage of kernel data. However, the ability to read arbitrary kernel memory may be leveraged by an attacker as a foothold for more advanced privilege‑escalation exploits. The CVSS score of 5.5 indicates a moderate severity level. The vulnerability is a local flaw that can be triggered by any user‑space program on the same machine. The EPSS score is < 1%, and the flaw is not listed in CISA KEV, indicating that no known large‑scale exploitation has been observed yet. The lack of bounds checking allows an attacker to read arbitrary kernel memory, which could aid further privilege escalation. Because the attack requires local execution and no remote code execution path is present, the overall risk is moderate, but remediation is still strongly advised.

Affected Systems

All Linux kernel builds running on LoongArch processors that have not yet incorporated the recent commit adding the spectre boundary to the syscall dispatch path are impacted. The affected products are all variants of the Linux kernel on LoongArch architecture. Specific version numbers are not disclosed in the kernel source revisions linked in the advisory. Therefore any LoongArch-based kernel older than those commits is vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity level. The vulnerability is a local flaw that can be triggered by any user‑space program on the same machine. The EPSS score is < 1%, and the flaw is not listed in CISA KEV, indicating that no known large‑scale exploitation has been observed yet. The lack of bounds checking allows an attacker to read arbitrary kernel memory, which could aid further privilege escalation. Because the attack requires local execution and no remote code execution path is present, the overall risk is moderate, but remediation is still strongly advised.

Generated by OpenCVE AI on June 18, 2026 at 02:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the LoongArch spectre boundary patch highlighted in commit c/07040904ad217545bef6a3750
  • If immediate kernel upgrade is not possible, install a temporary kernel patch that applies the array_index_nospec guard to the syscall dispatch table
  • Apply the same patch or rebuild the kernel with the speculatively safe syscall dispatch logic for all LoongArch architectures

Generated by OpenCVE AI on June 18, 2026 at 02:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 12:45:00 +0000


Tue, 16 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 28 May 2026 00:15:00 +0000


Wed, 27 May 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-129

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: LoongArch: Add spectre boundry for syscall dispatch table The LoongArch syscall number is directly controlled by userspace, but does not have a array_index_nospec() boundry to prevent access past the syscall function pointer tables.
Title LoongArch: Add spectre boundry for syscall dispatch table
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-19T11:58:50.818Z

Reserved: 2026-05-13T15:03:33.091Z

Link: CVE-2026-45993

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:16.853

Modified: 2026-06-17T10:52:51.830

Link: CVE-2026-45993

cve-icon Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45993 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T02:15:15Z

Weaknesses