Main Vulnerability Database SB20260320106

SB20260320106 - Improper Access Control in Linux kernel loongarch kernel

Published: March 20, 2026

Security Bulletin ID SB20260320106

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Access Control (CVE-ID: CVE-2025-71270)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper error handling in the LoongArch BPF JIT exception recovery mechanism when processing memory access operations triggered by BPF_PROBE_MEM* instructions. A local user can execute a specially crafted BPF program to cause a denial of service.

The vulnerability specifically affects LoongArch architecture systems where BPF programs perform memory access operations that trigger ADEM exceptions. Proper fixup handling was missing in the architecture-specific trap handler prior to the patch.

Remediation

Install update from vendor's website.

SB20260320106 - Improper Access Control in Linux kernel loongarch kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human