Unrated severity · NVD Advisory · Published Dec 16, 2025 · Updated Apr 15, 2026

CVE-2025-40358

Description

In the Linux kernel, the following vulnerability has been resolved:

riscv: stacktrace: Disable KASAN checks for non-current tasks

When unwinding the stack of a task other than current, KASAN would report "BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460".

The same issue exists on x86 and has been resolved by commit 84936118bdf3 ("x86/unwind: Disable KASAN checks for non-current tasks"). The solution could be applied to RISC-V too.

This patch can also solve the issue: https://seclists.org/oss-sec/2025/q4/23

[pjw@kernel.org: clean up checkpatch issues]

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel on RISC-V, KASAN reports an out-of-bounds error when the stack of a non-current task is unwound; the fix disables KASAN checks for such tasks.

Vulnerability

In the Linux kernel, when unwinding the stack of a task other than the current one on RISC-V, KASAN (Kernel Address Sanitizer) incorrectly reports a "BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460". This is a false positive caused by KASAN checking memory accesses that are actually valid for non-current tasks. The same issue was previously resolved on x86 by commit 84936118bdf3 ("x86/unwind: Disable KASAN checks for non-current tasks").
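A triage helper for the report string quoted above, as an added example that is not part of the advisory or the kernel patch: it parses KASAN report headers out of a kernel log and separates out-of-bounds reads inside `walk_stackframe` from reports that need investigation. The sample log and all function names are constructed for illustration, and the "unwinder only reads" rule is an assumption.

```python
import re

# Header line of a KASAN report, e.g.
# "BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460"
HEADER = re.compile(
    r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)"
    r"\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)")
# Access line that follows the header in a KASAN report.
ACCESS = re.compile(
    r"(?P<op>Read|Write) of size \d+ at addr [0-9a-f]+ "
    r"by task (?P<task>.+)/\d+\s*$")

def parse_kasan_reports(log_text):
    """Return one dict per KASAN report header found in the log text."""
    reports = []
    for line in log_text.splitlines():
        m = HEADER.search(line)
        if m:
            reports.append({**m.groupdict(), "op": None, "task": None})
            continue
        m = ACCESS.search(line)
        # Attach the access line to the most recent header that lacks one.
        if m and reports and reports[-1]["op"] is None:
            reports[-1].update(op=m["op"], task=m["task"])
    return reports

def matches_cve_2025_40358(report):
    """True for the signature quoted in the description. Assumption: the
    unwinder only reads the stack, so a Write in walk_stackframe is not
    treated as this issue; a header with no access line still matches."""
    return (report["kind"] == "out-of-bounds"
            and report["func"] == "walk_stackframe"
            and report["op"] in (None, "Read"))

def triage(log_text):
    """Split reports into (unwinder candidates, everything else)."""
    reports = parse_kasan_reports(log_text)
    known = [r for r in reports if matches_cve_2025_40358(r)]
    other = [r for r in reports if not matches_cve_2025_40358(r)]
    return known, other

# Constructed sample log: addresses, tasks and the second report are made up.
SAMPLE_LOG = """\
[  112.431870] BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460
[  112.432011] Read of size 8 at addr ff20000000a4fb58 by task cat/312
[  245.100233] BUG: KASAN: slab-out-of-bounds in demo_driver_ioctl+0x9a/0x120
[  245.100301] Write of size 4 at addr ff60000081c3a040 by task demo/498
"""
```

Reports returned in the second list do not match this signature and should be investigated as ordinary KASAN findings.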

Exploitation

This vulnerability is triggered during stack unwinding operations for tasks that are not currently running. An attacker would need to be able to trigger such an unwinding, which typically requires local access or the ability to influence kernel stack tracing. No special privileges are required beyond those needed to initiate stack unwinding for another task.

Impact

The impact is a kernel panic or system crash due to the KASAN false positive, leading to a denial of service. The out-of-bounds report is spurious and does not represent an actual memory safety violation, but it can disrupt system operation.

Mitigation

The fix disables KASAN checks for non-current tasks during stack unwinding on RISC-V, mirroring the solution already applied to x86. The patch has been applied to the Linux kernel stable tree [1][2]. Users should update to a kernel version containing this fix.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
