cvelistv5 - cve-2025-38493

CVE-2025-38493 (GCVE-0-2025-38493)

Vulnerability from cvelistv5

Published

2025-07-28 11:22

Modified

2025-07-28 11:22

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix crash in timerlat_dump_stack() We have observed kernel panics when using timerlat with stack saving, with the following dmesg output: memcpy: detected buffer overflow: 88 byte write of buffer size 0 WARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0 CPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy) Call Trace: <TASK> ? trace_buffer_lock_reserve+0x2a/0x60 __fortify_panic+0xd/0xf __timerlat_dump_stack.cold+0xd/0xd timerlat_dump_stack.part.0+0x47/0x80 timerlat_fd_read+0x36d/0x390 vfs_read+0xe2/0x390 ? syscall_exit_to_user_mode+0x1d5/0x210 ksys_read+0x73/0xe0 do_syscall_64+0x7b/0x160 ? exc_page_fault+0x7e/0x1a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e __timerlat_dump_stack() constructs the ftrace stack entry like this: struct stack_entry *entry; ... memcpy(&entry->caller, fstack->calls, size); entry->size = fstack->nr_entries; Since commit e7186af7fb26 ("tracing: Add back FORTIFY_SOURCE logic to kernel_stack event structure"), struct stack_entry marks its caller field with __counted_by(size). At the time of the memcpy, entry->size contains garbage from the ringbuffer, which under some circumstances is zero, triggering a kernel panic by buffer overflow. Populate the size field before the memcpy so that the out-of-bounds check knows the correct size. This is analogous to __ftrace_trace_stack().

References

►

URL

Tags

	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7bb9ea515cda027c9e717e27fefcf34f092e7c41
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/823d798900481875ba6c68217af028c5ffd2976b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/85a3bce695b361d85fc528e6fbb33e4c8089c806
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/fbf90f5aa7ac7cddc69148a71d58f12c8709ce2b

Impacted products

Vendor

Product

Version

►

Linux

Version: e7186af7fb2609584a8bfb3da3c6ae09da5a5224
Version: e7186af7fb2609584a8bfb3da3c6ae09da5a5224
Version: e7186af7fb2609584a8bfb3da3c6ae09da5a5224
Version: e7186af7fb2609584a8bfb3da3c6ae09da5a5224

Linux

Version: 6.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace_osnoise.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "823d798900481875ba6c68217af028c5ffd2976b",
              "status": "affected",
              "version": "e7186af7fb2609584a8bfb3da3c6ae09da5a5224",
              "versionType": "git"
            },
            {
              "lessThan": "7bb9ea515cda027c9e717e27fefcf34f092e7c41",
              "status": "affected",
              "version": "e7186af7fb2609584a8bfb3da3c6ae09da5a5224",
              "versionType": "git"
            },
            {
              "lessThan": "fbf90f5aa7ac7cddc69148a71d58f12c8709ce2b",
              "status": "affected",
              "version": "e7186af7fb2609584a8bfb3da3c6ae09da5a5224",
              "versionType": "git"
            },
            {
              "lessThan": "85a3bce695b361d85fc528e6fbb33e4c8089c806",
              "status": "affected",
              "version": "e7186af7fb2609584a8bfb3da3c6ae09da5a5224",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace_osnoise.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.40",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.100",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.40",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.8",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix crash in timerlat_dump_stack()\n\nWe have observed kernel panics when using timerlat with stack saving,\nwith the following dmesg output:\n\nmemcpy: detected buffer overflow: 88 byte write of buffer size 0\nWARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0\nCPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy)\nCall Trace:\n \u003cTASK\u003e\n ? trace_buffer_lock_reserve+0x2a/0x60\n __fortify_panic+0xd/0xf\n __timerlat_dump_stack.cold+0xd/0xd\n timerlat_dump_stack.part.0+0x47/0x80\n timerlat_fd_read+0x36d/0x390\n vfs_read+0xe2/0x390\n ? syscall_exit_to_user_mode+0x1d5/0x210\n ksys_read+0x73/0xe0\n do_syscall_64+0x7b/0x160\n ? exc_page_fault+0x7e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n__timerlat_dump_stack() constructs the ftrace stack entry like this:\n\nstruct stack_entry *entry;\n...\nmemcpy(\u0026entry-\u003ecaller, fstack-\u003ecalls, size);\nentry-\u003esize = fstack-\u003enr_entries;\n\nSince commit e7186af7fb26 (\"tracing: Add back FORTIFY_SOURCE logic to\nkernel_stack event structure\"), struct stack_entry marks its caller\nfield with __counted_by(size). At the time of the memcpy, entry-\u003esize\ncontains garbage from the ringbuffer, which under some circumstances is\nzero, triggering a kernel panic by buffer overflow.\n\nPopulate the size field before the memcpy so that the out-of-bounds\ncheck knows the correct size. This is analogous to\n__ftrace_trace_stack()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T11:22:02.000Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/823d798900481875ba6c68217af028c5ffd2976b"
        },
        {
          "url": "https://git.kernel.org/stable/c/7bb9ea515cda027c9e717e27fefcf34f092e7c41"
        },
        {
          "url": "https://git.kernel.org/stable/c/fbf90f5aa7ac7cddc69148a71d58f12c8709ce2b"
        },
        {
          "url": "https://git.kernel.org/stable/c/85a3bce695b361d85fc528e6fbb33e4c8089c806"
        }
      ],
      "title": "tracing/osnoise: Fix crash in timerlat_dump_stack()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38493",
    "datePublished": "2025-07-28T11:22:02.000Z",
    "dateReserved": "2025-04-16T04:51:24.022Z",
    "dateUpdated": "2025-07-28T11:22:02.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38493\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-28T12:15:31.483\",\"lastModified\":\"2025-07-29T14:14:29.590\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntracing/osnoise: Fix crash in timerlat_dump_stack()\\n\\nWe have observed kernel panics when using timerlat with stack saving,\\nwith the following dmesg output:\\n\\nmemcpy: detected buffer overflow: 88 byte write of buffer size 0\\nWARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0\\nCPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy)\\nCall Trace:\\n \u003cTASK\u003e\\n ? trace_buffer_lock_reserve+0x2a/0x60\\n __fortify_panic+0xd/0xf\\n __timerlat_dump_stack.cold+0xd/0xd\\n timerlat_dump_stack.part.0+0x47/0x80\\n timerlat_fd_read+0x36d/0x390\\n vfs_read+0xe2/0x390\\n ? syscall_exit_to_user_mode+0x1d5/0x210\\n ksys_read+0x73/0xe0\\n do_syscall_64+0x7b/0x160\\n ? exc_page_fault+0x7e/0x1a0\\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n\\n__timerlat_dump_stack() constructs the ftrace stack entry like this:\\n\\nstruct stack_entry *entry;\\n...\\nmemcpy(\u0026entry-\u003ecaller, fstack-\u003ecalls, size);\\nentry-\u003esize = fstack-\u003enr_entries;\\n\\nSince commit e7186af7fb26 (\\\"tracing: Add back FORTIFY_SOURCE logic to\\nkernel_stack event structure\\\"), struct stack_entry marks its caller\\nfield with __counted_by(size). At the time of the memcpy, entry-\u003esize\\ncontains garbage from the ringbuffer, which under some circumstances is\\nzero, triggering a kernel panic by buffer overflow.\\n\\nPopulate the size field before the memcpy so that the out-of-bounds\\ncheck knows the correct size. This is analogous to\\n__ftrace_trace_stack().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing/osnoise: corrige fallo en timerlat_dump_stack() Hemos observado p\u00e1nicos en el kernel al usar timerlat con guardado de pila, con la siguiente salida de dmesg: memcpy: desbordamiento de b\u00fafer detectado: escritura de 88 bytes de tama\u00f1o de b\u00fafer 0 WARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0 CPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy) Call Trace:  ? trace_buffer_lock_reserve+0x2a/0x60 __fortify_panic+0xd/0xf __timerlat_dump_stack.cold+0xd/0xd timerlat_dump_stack.part.0+0x47/0x80 timerlat_fd_read+0x36d/0x390 vfs_read+0xe2/0x390 ? syscall_exit_to_user_mode+0x1d5/0x210 ksys_read+0x73/0xe0 do_syscall_64+0x7b/0x160 ? exc_page_fault+0x7e/0x1a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e __timerlat_dump_stack() construye la entrada de la pila ftrace de la siguiente manera: struct stack_entry *entry; ... memcpy(\u0026amp;entry-\u0026gt;caller, fstack-\u0026gt;calls, size); entry-\u0026gt;size = fstack-\u0026gt;nr_entries; Desde el commit e7186af7fb26 (\\\"rastreo: Agregar la l\u00f3gica de FORTIFY_SOURCE a la estructura de eventos kernel_stack\\\"), struct stack_entry marca su campo de llamada con __counted_by(size). Al ejecutar memcpy, entry-\u0026gt;size contiene informaci\u00f3n no v\u00e1lida del b\u00fafer de anillo, que en algunas circunstancias es cero, lo que desencadena un p\u00e1nico del n\u00facleo por desbordamiento del b\u00fafer. Rellene el campo de tama\u00f1o antes de ejecutar memcpy para que la comprobaci\u00f3n de fuera de los l\u00edmites conozca el tama\u00f1o correcto. Esto es an\u00e1logo a __ftrace_trace_stack().\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/7bb9ea515cda027c9e717e27fefcf34f092e7c41\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/823d798900481875ba6c68217af028c5ffd2976b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/85a3bce695b361d85fc528e6fbb33e4c8089c806\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fbf90f5aa7ac7cddc69148a71d58f12c8709ce2b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

fkie_cve-2025-38493

Vulnerability from fkie_nvd

Published

2025-07-28 12:15

Modified

2025-07-29 14:14

Severity ?

Summary

References

▶	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7bb9ea515cda027c9e717e27fefcf34f092e7c41
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/823d798900481875ba6c68217af028c5ffd2976b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/85a3bce695b361d85fc528e6fbb33e4c8089c806
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/fbf90f5aa7ac7cddc69148a71d58f12c8709ce2b

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix crash in timerlat_dump_stack()\n\nWe have observed kernel panics when using timerlat with stack saving,\nwith the following dmesg output:\n\nmemcpy: detected buffer overflow: 88 byte write of buffer size 0\nWARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0\nCPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy)\nCall Trace:\n \u003cTASK\u003e\n ? trace_buffer_lock_reserve+0x2a/0x60\n __fortify_panic+0xd/0xf\n __timerlat_dump_stack.cold+0xd/0xd\n timerlat_dump_stack.part.0+0x47/0x80\n timerlat_fd_read+0x36d/0x390\n vfs_read+0xe2/0x390\n ? syscall_exit_to_user_mode+0x1d5/0x210\n ksys_read+0x73/0xe0\n do_syscall_64+0x7b/0x160\n ? exc_page_fault+0x7e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n__timerlat_dump_stack() constructs the ftrace stack entry like this:\n\nstruct stack_entry *entry;\n...\nmemcpy(\u0026entry-\u003ecaller, fstack-\u003ecalls, size);\nentry-\u003esize = fstack-\u003enr_entries;\n\nSince commit e7186af7fb26 (\"tracing: Add back FORTIFY_SOURCE logic to\nkernel_stack event structure\"), struct stack_entry marks its caller\nfield with __counted_by(size). At the time of the memcpy, entry-\u003esize\ncontains garbage from the ringbuffer, which under some circumstances is\nzero, triggering a kernel panic by buffer overflow.\n\nPopulate the size field before the memcpy so that the out-of-bounds\ncheck knows the correct size. This is analogous to\n__ftrace_trace_stack()."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing/osnoise: corrige fallo en timerlat_dump_stack() Hemos observado p\u00e1nicos en el kernel al usar timerlat con guardado de pila, con la siguiente salida de dmesg: memcpy: desbordamiento de b\u00fafer detectado: escritura de 88 bytes de tama\u00f1o de b\u00fafer 0 WARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0 CPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy) Call Trace:  ? trace_buffer_lock_reserve+0x2a/0x60 __fortify_panic+0xd/0xf __timerlat_dump_stack.cold+0xd/0xd timerlat_dump_stack.part.0+0x47/0x80 timerlat_fd_read+0x36d/0x390 vfs_read+0xe2/0x390 ? syscall_exit_to_user_mode+0x1d5/0x210 ksys_read+0x73/0xe0 do_syscall_64+0x7b/0x160 ? exc_page_fault+0x7e/0x1a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e __timerlat_dump_stack() construye la entrada de la pila ftrace de la siguiente manera: struct stack_entry *entry; ... memcpy(\u0026amp;entry-\u0026gt;caller, fstack-\u0026gt;calls, size); entry-\u0026gt;size = fstack-\u0026gt;nr_entries; Desde el commit e7186af7fb26 (\"rastreo: Agregar la l\u00f3gica de FORTIFY_SOURCE a la estructura de eventos kernel_stack\"), struct stack_entry marca su campo de llamada con __counted_by(size). Al ejecutar memcpy, entry-\u0026gt;size contiene informaci\u00f3n no v\u00e1lida del b\u00fafer de anillo, que en algunas circunstancias es cero, lo que desencadena un p\u00e1nico del n\u00facleo por desbordamiento del b\u00fafer. Rellene el campo de tama\u00f1o antes de ejecutar memcpy para que la comprobaci\u00f3n de fuera de los l\u00edmites conozca el tama\u00f1o correcto. Esto es an\u00e1logo a __ftrace_trace_stack()."
    }
  ],
  "id": "CVE-2025-38493",
  "lastModified": "2025-07-29T14:14:29.590",
  "metrics": {},
  "published": "2025-07-28T12:15:31.483",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7bb9ea515cda027c9e717e27fefcf34f092e7c41"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/823d798900481875ba6c68217af028c5ffd2976b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/85a3bce695b361d85fc528e6fbb33e4c8089c806"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fbf90f5aa7ac7cddc69148a71d58f12c8709ce2b"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

ghsa-2xmx-r7cc-9x6c

Vulnerability from github

Published

2025-07-28 12:30

Modified

2025-07-28 12:30

Details

In the Linux kernel, the following vulnerability has been resolved:

tracing/osnoise: Fix crash in timerlat_dump_stack()

We have observed kernel panics when using timerlat with stack saving, with the following dmesg output:

memcpy: detected buffer overflow: 88 byte write of buffer size 0 WARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0 CPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy) Call Trace: ? trace_buffer_lock_reserve+0x2a/0x60 __fortify_panic+0xd/0xf __timerlat_dump_stack.cold+0xd/0xd timerlat_dump_stack.part.0+0x47/0x80 timerlat_fd_read+0x36d/0x390 vfs_read+0xe2/0x390 ? syscall_exit_to_user_mode+0x1d5/0x210 ksys_read+0x73/0xe0 do_syscall_64+0x7b/0x160 ? exc_page_fault+0x7e/0x1a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e

__timerlat_dump_stack() constructs the ftrace stack entry like this:

struct stack_entry *entry; ... memcpy(&entry->caller, fstack->calls, size); entry->size = fstack->nr_entries;

Since commit e7186af7fb26 ("tracing: Add back FORTIFY_SOURCE logic to kernel_stack event structure"), struct stack_entry marks its caller field with __counted_by(size). At the time of the memcpy, entry->size contains garbage from the ringbuffer, which under some circumstances is zero, triggering a kernel panic by buffer overflow.

Populate the size field before the memcpy so that the out-of-bounds check knows the correct size. This is analogous to __ftrace_trace_stack().

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-38493"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-28T12:15:31Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix crash in timerlat_dump_stack()\n\nWe have observed kernel panics when using timerlat with stack saving,\nwith the following dmesg output:\n\nmemcpy: detected buffer overflow: 88 byte write of buffer size 0\nWARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0\nCPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy)\nCall Trace:\n \u003cTASK\u003e\n ? trace_buffer_lock_reserve+0x2a/0x60\n __fortify_panic+0xd/0xf\n __timerlat_dump_stack.cold+0xd/0xd\n timerlat_dump_stack.part.0+0x47/0x80\n timerlat_fd_read+0x36d/0x390\n vfs_read+0xe2/0x390\n ? syscall_exit_to_user_mode+0x1d5/0x210\n ksys_read+0x73/0xe0\n do_syscall_64+0x7b/0x160\n ? exc_page_fault+0x7e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n__timerlat_dump_stack() constructs the ftrace stack entry like this:\n\nstruct stack_entry *entry;\n...\nmemcpy(\u0026entry-\u003ecaller, fstack-\u003ecalls, size);\nentry-\u003esize = fstack-\u003enr_entries;\n\nSince commit e7186af7fb26 (\"tracing: Add back FORTIFY_SOURCE logic to\nkernel_stack event structure\"), struct stack_entry marks its caller\nfield with __counted_by(size). At the time of the memcpy, entry-\u003esize\ncontains garbage from the ringbuffer, which under some circumstances is\nzero, triggering a kernel panic by buffer overflow.\n\nPopulate the size field before the memcpy so that the out-of-bounds\ncheck knows the correct size. This is analogous to\n__ftrace_trace_stack().",
  "id": "GHSA-2xmx-r7cc-9x6c",
  "modified": "2025-07-28T12:30:36Z",
  "published": "2025-07-28T12:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38493"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7bb9ea515cda027c9e717e27fefcf34f092e7c41"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/823d798900481875ba6c68217af028c5ffd2976b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85a3bce695b361d85fc528e6fbb33e4c8089c806"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fbf90f5aa7ac7cddc69148a71d58f12c8709ce2b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

wid-sec-w-2025-1665

Vulnerability from csaf_certbund

Published

2025-07-28 22:00

Modified

2025-08-12 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder andere nicht spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder andere nicht spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1665 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1665.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1665 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1665"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38468",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072834-CVE-2025-38468-4110@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38469",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072811-CVE-2025-38469-4e11@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38470",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072811-CVE-2025-38470-a4d4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38471",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38471-ca92@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38472",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38472-fa6d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38473",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38473-e8bb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38474",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38474-0663@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38475",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072813-CVE-2025-38475-deb5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38476",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072813-CVE-2025-38476-ab35@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38477",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072813-CVE-2025-38477-8b42@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38478",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072814-CVE-2025-38478-298f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38480",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072814-CVE-2025-38480-d8ab@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38481",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072814-CVE-2025-38481-1476@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38482",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072814-CVE-2025-38482-f4ed@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38483",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38483-ab88@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38484",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38484-4faf@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38485",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38485-3cec@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38486",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38486-e3f6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38487",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38487-1ffa@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38488",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38488-7f36@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38489",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38489-0fd7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38490",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38490-7528@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38491",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072817-CVE-2025-38491-859c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38492",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072817-CVE-2025-38492-d59e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38493",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072817-CVE-2025-38493-32f7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38494",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072818-CVE-2025-38494-63e4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38495",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072818-CVE-2025-38495-3b28@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38496",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072818-CVE-2025-38496-4301@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38497",
        "url": "https://lore.kernel.org/linux-cve-announce/2025072818-CVE-2025-38497-b5c7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7686-1 vom 2025-08-05",
        "url": "https://ubuntu.com/security/notices/USN-7686-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5973 vom 2025-08-12",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00137.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-12T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-13T06:22:44.598+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1665",
      "initial_release_date": "2025-07-28T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-28T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-08-05T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-08-12T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T008144",
              "product_identification_helper": {
                "cpe": "cpe:/a:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-50047",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2024-50047"
    },
    {
      "cve": "CVE-2025-38468",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38468"
    },
    {
      "cve": "CVE-2025-38469",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38469"
    },
    {
      "cve": "CVE-2025-38470",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38470"
    },
    {
      "cve": "CVE-2025-38471",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38471"
    },
    {
      "cve": "CVE-2025-38472",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38472"
    },
    {
      "cve": "CVE-2025-38473",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38473"
    },
    {
      "cve": "CVE-2025-38474",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38474"
    },
    {
      "cve": "CVE-2025-38475",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38475"
    },
    {
      "cve": "CVE-2025-38476",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38476"
    },
    {
      "cve": "CVE-2025-38477",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38477"
    },
    {
      "cve": "CVE-2025-38478",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38478"
    },
    {
      "cve": "CVE-2025-38480",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38480"
    },
    {
      "cve": "CVE-2025-38481",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38481"
    },
    {
      "cve": "CVE-2025-38482",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38482"
    },
    {
      "cve": "CVE-2025-38483",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38483"
    },
    {
      "cve": "CVE-2025-38484",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38484"
    },
    {
      "cve": "CVE-2025-38485",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38485"
    },
    {
      "cve": "CVE-2025-38486",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38486"
    },
    {
      "cve": "CVE-2025-38487",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38487"
    },
    {
      "cve": "CVE-2025-38488",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38488"
    },
    {
      "cve": "CVE-2025-38489",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38489"
    },
    {
      "cve": "CVE-2025-38490",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38490"
    },
    {
      "cve": "CVE-2025-38491",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38491"
    },
    {
      "cve": "CVE-2025-38492",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38492"
    },
    {
      "cve": "CVE-2025-38493",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38493"
    },
    {
      "cve": "CVE-2025-38494",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38494"
    },
    {
      "cve": "CVE-2025-38495",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38495"
    },
    {
      "cve": "CVE-2025-38496",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38496"
    },
    {
      "cve": "CVE-2025-38497",
      "product_status": {
        "known_affected": [
          "2951",
          "T000126",
          "T008144"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-38497"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-38493 (GCVE-0-2025-38493)

Vulnerability from cvelistv5

fkie_cve-2025-38493

Vulnerability from fkie_nvd

ghsa-2xmx-r7cc-9x6c

Vulnerability from github

wid-sec-w-2025-1665

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature