riscv

A newly assigned Linux kernel vulnerability, CVE-2026-23217, exposes a subtle but serious deadlock risk on RISC‑V systems when the kernel’s function tracer (ftrace) is configured to snapshot SBI ecall functions — a situation that can hang the entire system. The fix merged into the kernel trees...

CVE-2024-26902 exposes a narrowly scoped but real risk in the Linux kernel’s RISC‑V performance monitoring path: a coding error in the PMU overflow handler can, under specific conditions, trigger a NULL pointer dereference and kernel panic. Microsoft’s published advisory for this CVE calls out...

The Linux kernel received a focused upstream fix for CVE-2025-40079 — a RISC‑V specific BPF correctness bug where struct ops return values were not being sign‑extended according to the RISC‑V ABI, a mismatch that could trigger kernel panics in the ns_bpf_qdisc selftest and destabilize hosts...