Impact
On LoongArch machines the syscall number is accepted from untrusted userspace and used directly as an index into the syscall dispatch table. The recently applied patch adds the Spectre boundary (array_index_nospec) that was missing; its absence allowed an attacker to read memory past the end of the table. The out‑of‑bounds access can leak kernel memory to userspace, potentially revealing sensitive information such as cryptographic material or kernel structures. The vulnerability does not directly provide a jump to arbitrary code, but the read of kernel memory can enable more advanced local attacks that may lead to privilege escalation.
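The index clamp described above, as an added userspace model (not the LoongArch patch or code from the advisory). The table, its size, the handler names and the `DEMO_ENOSYS` value are constructed for illustration; the mask expression follows the generic branch-free form used by the kernel's `array_index_nospec` helper.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG    (sizeof(long) * CHAR_BIT)
#define NR_DEMO_SYSCALLS 4UL   /* constructed table size, not the real one */
#define DEMO_ENOSYS      38L   /* constructed stand-in for ENOSYS */

typedef long (*sys_fn)(void);

static long demo_getpid(void) { return 100; }
static long demo_getuid(void) { return 101; }
static long demo_time(void)   { return 102; }
static long demo_sync(void)   { return 103; }

static const sys_fn demo_table[NR_DEMO_SYSCALLS] = {
    demo_getpid, demo_getuid, demo_time, demo_sync,
};

/* All ones when index < size, zero otherwise, computed without a branch.
 * Assumes arithmetic right shift of a negative long (true for gcc/clang). */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1));
}

/* Clamp: an out-of-range index becomes 0, an in-range index is unchanged. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

static long dispatch(unsigned long nr)
{
    if (nr >= NR_DEMO_SYSCALLS)                 /* architectural bounds check */
        return -DEMO_ENOSYS;
    /* The step the page says was missing: without it, a mispredicted
     * bounds check lets the load below run with an unclamped index. */
    nr = index_nospec(nr, NR_DEMO_SYSCALLS);
    return demo_table[nr]();
}

int main(void)
{
    unsigned long nrs[] = { 0, 3, 4, ULONG_MAX };   /* constructed inputs */
    for (size_t i = 0; i < sizeof(nrs) / sizeof(nrs[0]); i++)
        printf("nr=%lu mask=%#lx result=%ld\n", nrs[i],
               index_mask_nospec(nrs[i], NR_DEMO_SYSCALLS), dispatch(nrs[i]));
    return 0;
}
```

The bounds check alone decides the architectural result; the mask matters because it is data-dependent rather than branch-dependent, so the table load cannot use an out-of-range index even while the branch outcome is still being predicted.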
Affected Systems
All Linux kernel builds running on LoongArch processors that have not yet incorporated the recent commit adding the Spectre boundary to the syscall dispatch path are impacted. The affected products are all variants of the Linux kernel on the LoongArch architecture. Specific version numbers are not disclosed in the advisory; the change is referenced in the kernel source revisions linked in the advisory. Therefore, any LoongArch-based kernel older than those commits is vulnerable.
Risk and Exploitability
The vulnerability is a local flaw that can be triggered by any user‑space program on the same machine. EPSS data is not available, and the flaw is not listed in CISA KEV, indicating that no known large‑scale exploitation has been observed yet. The lack of bounds checking allows an attacker to read arbitrary kernel memory, which could aid further privilege escalation. Because the attack requires local execution and no remote code execution path is present, the overall risk is moderate, but remediation is still strongly advised.