PatchSiren cyber security CVE debrief

CVE-2025-71270 Linux CVE debrief

CVE-2025-71270 is a Linux kernel flaw in LoongArch exception handling for BPF memory-access probes. The fix enables exception recovery for specific ADE subcodes so BPF_PROBE_MEM* instructions can be safely recovered through the BPF exception table mechanism. On affected LoongArch systems, a local BPF-capable user may be able to trigger unhandled recoverable access exceptions, resulting in kernel instability or denial of service.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-18
Original CVE updated: 2026-05-21
Advisory published: 2026-03-18
Advisory updated: 2026-05-21

Who should care

Linux kernel maintainers, distro security teams, and operators running LoongArch systems with eBPF/BPF support enabled should prioritize this. It matters most where local users can load or attach BPF programs.

Technical summary

The source description says the LoongArch BPF JIT generates EX_TYPE_BPF exception-fixup entries during compilation, but the architecture-specific do_ade() trap path also needs to call the common fixup routine for certain ADE subcodes. Without that proactive fixup, BPF_PROBE_MEM* memory accesses may not recover cleanly from access exceptions. NVD assigns CVSS 3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and does not assign a specific CWE, listing NVD-CWE-noinfo. NVD marks affected Linux kernel ranges including 6.2 before 6.6.124, 6.7 before 6.12.70, 6.13 before 6.18.10, and 6.19-rc1 through 6.19-rc3.

Defensive priority

Medium. The issue is local and architecture-specific, but it can affect kernel availability on exposed LoongArch hosts that use BPF.

Recommended defensive actions

  • Apply the Linux kernel updates that include the referenced fix commits for LoongArch exception handling.
  • Confirm LoongArch systems are running kernel versions at or beyond the fixed release lines listed by NVD: 6.6.124, 6.12.70, 6.18.10, or later mainline builds containing the patch.
  • Inventory where BPF loading or attachment is permitted on LoongArch hosts and prioritize those systems for patching.
  • Watch for kernel crashes or instability tied to BPF programs and memory-access probes while remediation is in progress.
  • Use the official CVE and NVD records to track any future metadata updates or version-range changes.
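
One way to run the version check from the list above across a host inventory, as an added example that is not part of the original debrief or of any kernel tooling. The function names and the inventory rows are hypothetical; it assumes each host reports `uname -m` and `uname -r`, and it compares upstream version numbers only, so a distro kernel with a backported fix still needs its changelog checked.

```python
import re

# NVD ranges quoted on this page: (first affected, first fixed) tuples.
AFFECTED_RANGES = [
    ((6, 2, 0), (6, 6, 124)),
    ((6, 7, 0), (6, 12, 70)),
    ((6, 13, 0), (6, 18, 10)),
]
AFFECTED_RC = {(6, 19): range(1, 4)}  # 6.19-rc1 through 6.19-rc3

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Split a `uname -r` string into ((major, minor, patch), rc or None)."""
    m = _RELEASE.match(release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), (int(rc) if rc else None)


def in_affected_range(release):
    """True if the upstream version falls in a listed affected range."""
    version, rc = parse_release(release)
    if rc is None:
        return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)
    if rc in AFFECTED_RC.get(version[:2], ()):
        return True
    # Assumption: other -rc builds sort just below x.y.0 (ordering only).
    base = version[:2] + (0,)
    return any(lo < base <= hi for lo, hi in AFFECTED_RANGES)


def triage(machine, release):
    """Classify one host from its `uname -m` and `uname -r` values."""
    if not machine.startswith("loongarch"):
        return "not-applicable"  # the flaw is in LoongArch trap handling
    return "patch" if in_affected_range(release) else "ok-by-version"


if __name__ == "__main__":
    # Constructed inventory rows (host, uname -m, uname -r), not real hosts.
    for host, machine, release in [
        ("la-build-01", "loongarch64", "6.6.80"),
        ("la-lab-03", "loongarch64", "6.19.0-rc2+"),
        ("x86-web-04", "x86_64", "6.6.80-generic"),
    ]:
        print(f"{host:12} {release:16} {triage(machine, release)}")
```

Hosts classified as `patch` are the ones to cross-check against the BPF inventory in the third bullet.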

Evidence notes

This debrief is based on the CVE description and NVD metadata only. The description states the LoongArch BPF JIT needed exception fixup support for recoverable memory-access errors generated by BPF_PROBE_MEM* instructions, and that do_ade() must call the common fixup routine. NVD lists the vulnerability as analyzed, with no specific CWE beyond NVD-CWE-noinfo, and provides patch references plus affected kernel version ranges. No KEV record is associated in the supplied corpus.

Official resources

Publicly disclosed in the CVE record on 2026-03-18; the supplied NVD record was last modified on 2026-05-21. No KEV listing was supplied.