CVE-2025-71129

medium

Description

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments properly to avoid kernel panic. This is done by adding a new emit_abi_ext() helper. The emit_abi_ext() helper performs extension in place meaning a value already store in the target register (Note: this is different from the existing sign_extend() helper and thus we can't reuse it).

References

https://git.kernel.org/stable/c/fd43edf357a3a1f5ed1c4bf450b60001c9091c39

https://git.kernel.org/stable/c/3f5a238f24d7b75f9efe324d3539ad388f58536e

https://git.kernel.org/stable/c/321993a874f571a94b5a596f1132f798c663b56e

https://git.kernel.org/stable/c/0d666db731e95890e0eda7ea61bc925fd2be90c6

Details

Source: Mitre, NVD

Published: 2026-01-14

Updated: 2026-01-14

Risk Information

CVSS v2

Base Score: 6.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018