Instituto Nacional de Ciberseguridad (INCIBE). INCIBE-CERT section

CVE-2025-39704

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
05/09/2025
Last modified:
08/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: KVM: Fix stack protector issue in send_ipi_data()

Function kvm_io_bus_read() is called in function send_ipi_data(), buffer size of parameter *val should be at least 8 bytes. Since some emulation functions like loongarch_ipi_readl() and kvm_eiointc_read() will write the buffer *val with 8 bytes signed extension regardless of parameter len.

Otherwise there will be buffer overflow issue when CONFIG_STACKPROTECTOR is enabled. The bug report is shown as follows:

    Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: send_ipi_data+0x194/0x1a0 [kvm]
    CPU: 11 UID: 107 PID: 2692 Comm: CPU 0/KVM Not tainted 6.17.0-rc1+ #102 PREEMPT(full)
    ...
    Call Trace:
    [] show_stack+0x5c/0x180
    [] dump_stack_lvl+0x6c/0x9c
    [] vpanic+0x108/0x2c4
    [] panic+0x3c/0x40
    [] __stack_chk_fail+0x14/0x18
    [] send_ipi_data+0x190/0x1a0 [kvm]
    [] __kvm_io_bus_write+0xa4/0xe8 [kvm]
    [] kvm_io_bus_write+0x54/0x90 [kvm]
    [] kvm_emu_iocsr+0x180/0x310 [kvm]
    [] kvm_handle_gspr+0x280/0x478 [kvm]
    [] kvm_handle_exit+0xc0/0x130 [kvm]
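The size mismatch described above, modelled in user-space C as an added example (not code from the kernel or from this advisory). `emu_read`, the two `frame` structs and the guard value are hypothetical stand-ins; the guard word plays the role of the stack canary that CONFIG_STACKPROTECTOR checks.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0xA5A5A5A5u /* constructed value standing in for the stack canary */

/* Hypothetical stand-in for an emulated read handler. Like the functions the
 * description names, it stores an 8-byte sign-extended result and ignores len. */
static void emu_read(int len, void *val)
{
    int32_t reg = -0x7fffffff;        /* constructed register content, 0x80000001 */
    int64_t wide = reg;               /* sign extension to 64 bits */
    (void)len;
    memcpy(val, &wide, sizeof(wide)); /* always 8 bytes */
}

/* Caller frame with a 4-byte buffer and the guard word right behind it. The
 * struct is 8 bytes, so the wide store stays inside this object. */
struct frame4 { uint32_t val; uint32_t guard; };

/* Undersized buffer: returns 1 when the guard word was overwritten. */
int guard_clobbered_4(void)
{
    struct frame4 f = { 0, GUARD };
    emu_read(4, &f);                  /* &f is also the address of f.val */
    return f.guard != GUARD;
}

struct frame8 { uint64_t val; uint32_t guard; };

/* Buffer of at least 8 bytes, narrowed by the caller afterwards. */
int guard_clobbered_8(uint32_t *out)
{
    struct frame8 f = { 0, GUARD };
    emu_read(4, &f.val);
    *out = (uint32_t)f.val;
    return f.guard != GUARD;
}

int main(void)
{
    uint32_t v;
    int clobbered = guard_clobbered_8(&v);
    printf("4-byte buffer: guard clobbered = %d\n", guard_clobbered_4());
    printf("8-byte buffer: guard clobbered = %d, value = 0x%08x\n",
           clobbered, (unsigned)v);
    return 0;
}
```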

Impact