riscv

CVE-2024-26902 exposes a narrowly scoped but real risk in the Linux kernel’s RISC‑V performance monitoring path: a coding error in the PMU overflow handler can, under specific conditions, trigger a NULL pointer dereference and kernel panic. Microsoft’s published advisory for this CVE calls out...

The Linux kernel received a focused upstream fix for CVE-2025-40079 — a RISC‑V specific BPF correctness bug where struct ops return values were not being sign‑extended according to the RISC‑V ABI, a mismatch that could trigger kernel panics in the ns_bpf_qdisc selftest and destabilize hosts...