CVE-2025-39704
📋 TL;DR
A stack buffer overflow vulnerability exists in the Linux kernel's KVM (Kernel-based Virtual Machine) implementation for LoongArch architecture. When CONFIG_STACKPROTECTOR is enabled, the send_ipi_data() function can be exploited to corrupt kernel memory, potentially leading to system crashes or privilege escalation. This affects systems running Linux kernels with KVM enabled on LoongArch hardware.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential privilege escalation allowing attackers to execute arbitrary code in kernel context.
Likely Case
Kernel panic and system crash when the vulnerability is triggered, causing denial of service for virtual machines and the host system.
If Mitigated
System remains stable if CONFIG_STACKPROTECTOR is disabled, though this reduces overall security posture.
🎯 Exploit Status
Exploitation requires access to KVM interface and ability to trigger specific emulation functions. The vulnerability is triggered through normal KVM operations when buffer size constraints are violated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commit 5c68549c81bcca70fc464e305ffeefd9af968287 or later
Vendor Advisory: https://git.kernel.org/stable/c/5c68549c81bcca70fc464e305ffeefd9af968287
Restart Required: No
Instructions:
1. Update the Linux kernel to a version containing the fix commit.
2. For distributions: apply kernel security updates from your vendor.
3. Recompile the kernel if building from source with the patched code.
🔧 Temporary Workarounds
Disable CONFIG_STACKPROTECTOR
Disable the stack protector feature in the kernel configuration to prevent the buffer overflow detection from triggering a kernel panic
Rebuild kernel with CONFIG_STACKPROTECTOR=n in kernel configuration
Disable KVM on LoongArch
Disable KVM virtualization support if it is not required
Remove kvm modules: rmmod kvm
Prevent loading: echo 'blacklist kvm' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict KVM access to trusted users only
- Monitor system logs for stack protector failures and kernel panic events
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the host is LoongArch with KVM loaded: uname -r && uname -m | grep -q loongarch && lsmod | grep kvm
Check Version:
uname -r
Verify Fix Applied:
Verify the kernel includes the fix commit. The commit hash is not recorded in /proc/version or /proc/version_signature, so check the source tree the running kernel was built from (path is an example): git -C /usr/src/linux merge-base --is-ancestor 5c68549c81bcca70fc464e305ffeefd9af968287 HEAD && echo 'fix present' || echo 'fix missing - check kernel source/git log'
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages containing 'stack-protector: Kernel stack is corrupted in: send_ipi_data'
- System crash/reboot events in system logs
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND "stack-protector" AND "send_ipi_data"
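The log indicator and SIEM query above can be applied offline to exported kernel logs. The following is an added example (not part of the advisory) that scans journal-style lines for the stack-protector message, extracts the function name, and separates hits on send_ipi_data from stack-protector panics in other functions; the log lines are constructed for illustration.

```python
import re

# Constructed sample log lines in journal/dmesg style (not from a real system).
SAMPLE_LOG = """\
Jan 10 12:00:01 host kernel: kvm: module loaded
Jan 10 12:00:05 host kernel: Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: send_ipi_data+0x1c0/0x200
Jan 10 12:00:05 host kernel: CPU: 3 PID: 4321 Comm: qemu-system-loo Not tainted 6.12.0 #1
Jan 10 12:30:00 host kernel: Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: other_func+0x10/0x40
Jan 10 13:00:00 host kernel: usb 1-1: new high-speed USB device number 2
"""

# Matches the stack-protector panic text and captures the function name
# (without the +offset/size suffix that the kernel appends).
STACK_PROTECTOR_RE = re.compile(
    r"stack-protector: Kernel stack is corrupted in: (?P<func>[A-Za-z0-9_.]+)"
)


def find_stack_protector_events(log_text, target_func="send_ipi_data"):
    """Return (hits, other_funcs).

    hits        - full log lines where the corrupted function is target_func
    other_funcs - function names from stack-protector panics elsewhere,
                  which still deserve triage even if unrelated to this CVE
    """
    hits, other_funcs = [], []
    for line in log_text.splitlines():
        m = STACK_PROTECTOR_RE.search(line)
        if not m:
            continue
        func = m.group("func")
        if func == target_func:
            hits.append(line)
        else:
            other_funcs.append(func)
    return hits, other_funcs


def matches_siem_query(line):
    """Equivalent of the advisory's SIEM query applied to one line."""
    return "kernel" in line and "stack-protector" in line and "send_ipi_data" in line


if __name__ == "__main__":
    hits, others = find_stack_protector_events(SAMPLE_LOG)
    print(f"{len(hits)} send_ipi_data hit(s); other stack-protector panics: {others}")
```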