Impact
The issue originates from the Linux kernel's RISC‑V ptrace subsystem and manifests as an unexpected warning during core dump generation when the register set identifier used for CFI does not match the expected user‑named register set. The warning, categorised as a CWE‑209 (information exposure through log files) and CWE‑843 (type confusion or instance of type mismatch), does not enable an attacker to achieve code execution, modify data, or disrupt availability. It merely produces a diagnostic abort entry in the core dump.
Affected Systems
Linux kernel builds for RISC‑V processors that employ the ptrace interface and have not yet incorporated the commit 08200bef0983ffed039ab399df0cba8d900ce5fc. The affected kernels span all versions before this fix, regardless of distribution, as the underlying kernel source is the common factor.
Risk and Exploitability
The CVE record reports no EPSS score and the vulnerability is not listed in the CISA KEV catalog, indicating that no exploitation has been observed. Because the flaw only triggers a diagnostic warning in a core‑dump context and requires the ptrace subsystem to be active, the likelihood of an attacker leveraging it is effectively negligible. Overall risk remains low.
OpenCVE Enrichment