Impact
In the Linux kernel on LoongArch processors, the syscall number is supplied by untrusted userspace and used directly as an index into the syscall dispatch table. The affected code path lacked a spectre boundary (array_index_nospec) that would normally restrict out‑of‑bounds speculatively executed reads. This omission allowed a local attacker to read kernel memory beyond the end of the table. Kernel memory contents could include sensitive data such as cryptographic keys or internal structures which might help the attacker elevate privileges. The vulnerability does not grant direct code execution; the immediate effect is read‑only leakage of kernel data. However, the ability to read arbitrary kernel memory may be leveraged by an attacker as a foothold for more advanced privilege‑escalation exploits. The CVSS score of 5.5 indicates a moderate severity level. The vulnerability is a local flaw that can be triggered by any user‑space program on the same machine. The EPSS score is < 1%, and the flaw is not listed in CISA KEV, indicating that no known large‑scale exploitation has been observed yet. The lack of bounds checking allows an attacker to read arbitrary kernel memory, which could aid further privilege escalation. Because the attack requires local execution and no remote code execution path is present, the overall risk is moderate, but remediation is still strongly advised.
Affected Systems
All Linux kernel builds running on LoongArch processors that have not yet incorporated the recent commit adding the spectre boundary to the syscall dispatch path are impacted. The affected products are all variants of the Linux kernel on LoongArch architecture. Specific version numbers are not disclosed in the kernel source revisions linked in the advisory. Therefore any LoongArch-based kernel older than those commits is vulnerable.
Risk and Exploitability
The CVSS score of 5.5 indicates a moderate severity level. The vulnerability is a local flaw that can be triggered by any user‑space program on the same machine. The EPSS score is < 1%, and the flaw is not listed in CISA KEV, indicating that no known large‑scale exploitation has been observed yet. The lack of bounds checking allows an attacker to read arbitrary kernel memory, which could aid further privilege escalation. Because the attack requires local execution and no remote code execution path is present, the overall risk is moderate, but remediation is still strongly advised.
OpenCVE Enrichment