CVE-2025-38367: 
Linux Ubuntu vulnerability analysis and mitigation

A vulnerability was identified in the Linux kernel affecting the LoongArch KVM implementation, tracked as CVE-2025-38367. The issue was disclosed on July 25, 2025, and involves an array index overflow problem in the EIOINTC_ENABLE register modification process (NVD, Red Hat).

The vulnerability occurs when the variable 'index' is modified and reused as an array index during the modification of the EIOINTC_ENABLE register in the LoongArch KVM implementation. This manipulation can lead to an array index overflow condition. The issue has been assigned a CVSS v3.1 base score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a moderate severity level (Red Hat).

The vulnerability affects the availability of the system through potential array index overflow, though it does not impact confidentiality or integrity. The attack requires local access and low privileges to exploit (Red Hat).

A fix has been developed and implemented in the Linux kernel to address the array index overflow issue. Most major Linux distributions have either patched their systems or marked them as not affected, including Red Hat Enterprise Linux versions 6 through 10 (Red Hat).