CVE-2025-38493

EPSS 0.03%
Published 28.07.2025 11:22:02
Last modified 29.07.2025 14:14:29
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

tracing/osnoise: Fix crash in timerlat_dump_stack()

We have observed kernel panics when using timerlat with stack saving,
with the following dmesg output:

memcpy: detected buffer overflow: 88 byte write of buffer size 0
WARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0
CPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy)
Call Trace:
 <TASK>
 ? trace_buffer_lock_reserve+0x2a/0x60
 __fortify_panic+0xd/0xf
 __timerlat_dump_stack.cold+0xd/0xd
 timerlat_dump_stack.part.0+0x47/0x80
 timerlat_fd_read+0x36d/0x390
 vfs_read+0xe2/0x390
 ? syscall_exit_to_user_mode+0x1d5/0x210
 ksys_read+0x73/0xe0
 do_syscall_64+0x7b/0x160
 ? exc_page_fault+0x7e/0x1a0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

__timerlat_dump_stack() constructs the ftrace stack entry like this:

struct stack_entry *entry;
...
memcpy(&entry->caller, fstack->calls, size);
entry->size = fstack->nr_entries;

Since commit e7186af7fb26 ("tracing: Add back FORTIFY_SOURCE logic to
kernel_stack event structure"), struct stack_entry marks its caller
field with __counted_by(size). At the time of the memcpy, entry->size
contains garbage from the ringbuffer, which under some circumstances is
zero, triggering a kernel panic by buffer overflow.

Populate the size field before the memcpy so that the out-of-bounds
check knows the correct size. This is analogous to
__ftrace_trace_stack().

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 823d798900481875ba6c68217af028c5ffd2976b

Version e7186af7fb2609584a8bfb3da3c6ae09da5a5224

Status affected

Version < 7bb9ea515cda027c9e717e27fefcf34f092e7c41

Version e7186af7fb2609584a8bfb3da3c6ae09da5a5224

Status affected

Version < fbf90f5aa7ac7cddc69148a71d58f12c8709ce2b

Version e7186af7fb2609584a8bfb3da3c6ae09da5a5224

Status affected

Version < 85a3bce695b361d85fc528e6fbb33e4c8089c806

Version e7186af7fb2609584a8bfb3da3c6ae09da5a5224

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.6

Status affected

Version < 6.6

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.100

Status unaffected

Version <= 6.12.*

Version 6.12.40

Status unaffected

Version <= 6.15.*

Version 6.15.8

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.059

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/823d798900481875ba6c68217af028c5ffd2976b

https://git.kernel.org/stable/c/7bb9ea515cda027c9e717e27fefcf34f092e7c41

https://git.kernel.org/stable/c/fbf90f5aa7ac7cddc69148a71d58f12c8709ce2b

https://git.kernel.org/stable/c/85a3bce695b361d85fc528e6fbb33e4c8089c806

https://nvd.nist.gov/vuln/detail/CVE-2025-38493

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38493

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38493

EUVD