{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T20:10:05.655","vulnerabilities":[{"cve":{"id":"CVE-2025-71109","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-01-14T15:15:59.973","lastModified":"2026-03-25T19:32:01.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits\n\nSince commit e424054000878 (\"MIPS: Tracing: Reduce the overhead of\ndynamic Function Tracer\"), the macro UASM_i_LA_mostly has been used,\nand this macro can generate more than 2 instructions. At the same\ntime, the code in ftrace assumes that no more than 2 instructions can\nbe generated, which is why it stores them in an int[2] array. However,\nas previously noted, the macro UASM_i_LA_mostly (and now UASM_i_LA)\ncauses a buffer overflow when _mcount is beyond 32 bits. This leads to\ncorruption of the variables located in the __read_mostly section.\n\nThis corruption was observed because the variable\n__cpu_primary_thread_mask was corrupted, causing a hang very early\nduring boot.\n\nThis fix prevents the corruption by avoiding the generation of\ninstructions if they could exceed 2 instructions in\nlength. Fortunately, insn_la_mcount is only used if the instrumented\ncode is located outside the kernel code section, so dynamic ftrace can\nstill be used, albeit in a more limited scope. This is still\npreferable to corrupting memory and/or crashing the kernel."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nMIPS: ftrace: Corrige la corrupción de memoria cuando el kernel está ubicado más allá de los 32 bits\n\nDesde el commit e424054000878 ('MIPS: Tracing: Reduce the overhead of dynamic Function Tracer'), se ha utilizado la macro UASM_i_LA_mostly, y esta macro puede generar más de 2 instrucciones. Al mismo tiempo, el código en ftrace asume que no se pueden generar más de 2 instrucciones, razón por la cual las almacena en un array int[2]. Sin embargo, como se señaló anteriormente, la macro UASM_i_LA_mostly (y ahora UASM_i_LA) causa un desbordamiento de búfer cuando _mcount está más allá de los 32 bits. Esto lleva a la corrupción de las variables ubicadas en la sección __read_mostly.\n\nEsta corrupción se observó porque la variable __cpu_primary_thread_mask fue corrompida, causando un cuelgue muy temprano durante el arranque.\n\nEsta corrección previene la corrupción evitando la generación de instrucciones si estas pudieran exceder las 2 instrucciones de longitud. Afortunadamente, insn_la_mcount solo se usa si el código instrumentado está ubicado fuera de la sección de código del kernel, por lo que ftrace dinámico aún puede usarse, aunque con un alcance más limitado. Esto sigue siendo preferible a corromper la memoria y/o colapsar el kernel."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35.1","versionEndExcluding":"6.12.64","matchCriteriaId":"CCB077B0-4E59-4D25-ABC0-E093FC6C8887"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.3","matchCriteriaId":"2DC484D8-FB4F-4112-900F-AE333B6FE7A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.35:-:*:*:*:*:*:*","matchCriteriaId":"11B11B98-42CE-41C8-A40E-FAA230FD2A76"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*","matchCriteriaId":"F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*","matchCriteriaId":"EB5B7DFC-C36B-45D8-922C-877569FDDF43"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/36dac9a3dda1f2bae343191bc16b910c603cac25","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f39b9d0e86ed6236b9a5fb67616ab1f76c4f150","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e3e33ac2eb69d595079a1a1e444c2fb98efdd42d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}