CVE-2025-38366: Linux KVM on LoongArch: Prevent CPU Number Overflow
Summary
A bug in the Linux kernel's KVM support for the LoongArch architecture could allow an attacker to cause a crash by passing an invalid number of CPUs from user space. The kernel now validates this value to prevent the crash. Update your kernel to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| linux | linux_kernel | >= 6.13, < 6.15.5 6.16 `cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*` |
Original title
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: KVM: Check validity of "num_cpu" from user space
The maximum supported cpu number is EIOINTC_ROUTE_MAX_VCPUS about
i...
Original description
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: KVM: Check validity of "num_cpu" from user space
The maximum supported cpu number is EIOINTC_ROUTE_MAX_VCPUS about
irqchip EIOINTC, here add validation about cpu number to avoid array
pointer overflow.
nvd CVSS3.1
7.8
Published: 25 Jul 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026