ghsa-fr3c-c44p-6638
Vulnerability from github
Published
2025-07-25 18:30
Modified
2025-07-25 18:30
Details

In the Linux kernel, the following vulnerability has been resolved:

perf: Revert to requiring CAP_SYS_ADMIN for uprobes

Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but due to variable instruction length cannot determine if this is an instruction as seen by the intended execution stream.

Additionally, Mark Rutland notes that on architectures that mix data in the text segment (like arm64), a similar things can be done if the data word is 'mistaken' for an instruction.

As such, require CAP_SYS_ADMIN for uprobes.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-38466"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T16:15:32Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Revert to requiring CAP_SYS_ADMIN for uprobes\n\nJann reports that uprobes can be used destructively when used in the\nmiddle of an instruction. The kernel only verifies there is a valid\ninstruction at the requested offset, but due to variable instruction\nlength cannot determine if this is an instruction as seen by the\nintended execution stream.\n\nAdditionally, Mark Rutland notes that on architectures that mix data\nin the text segment (like arm64), a similar things can be done if the\ndata word is \u0027mistaken\u0027 for an instruction.\n\nAs such, require CAP_SYS_ADMIN for uprobes.",
  "id": "GHSA-fr3c-c44p-6638",
  "modified": "2025-07-25T18:30:40Z",
  "published": "2025-07-25T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38466"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/183bdb89af1b5193b1d1d9316986053b15ca6fa4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e8bf7bc6aa6f583336c2fda280b6cea0aed5612"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0a8009083e569b5526c64f7d3f2a62baca95164"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba677dbe77af5ffe6204e0f3f547f3ba059c6302"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c0aec35f861fa746ca45aa816161c74352e6ada8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d5074256b642cdeb46a70ce2f15193e766edca68"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d7ef1afd5b3f43f4924326164cee5397b66abd9c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.