CVE-2025-38636

{"id": "CVE-2025-38636", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2025-08-22T16:15:37.587", "references": [{"url": "https://git.kernel.org/stable/c/0ebc70d973ce7a81826b5c4f55f743e07f5864d9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7f904ff6e58d398c4336f3c19c42b338324451f7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrv: Use strings in da monitors tracepoints\n\nUsing DA monitors tracepoints with KASAN enabled triggers the following\nwarning:\n\n BUG: KASAN: global-out-of-bounds in do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0\n Read of size 32 at addr ffffffffaada8980 by task ...\n Call Trace:\n <TASK>\n [...]\n do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0\n ? __pfx_do_trace_event_raw_event_event_da_monitor+0x10/0x10\n ? trace_event_sncid+0x83/0x200\n trace_event_sncid+0x163/0x200\n [...]\n The buggy address belongs to the variable:\n automaton_snep+0x4e0/0x5e0\n\nThis is caused by the tracepoints reading 32 bytes __array instead of\n__string from the automata definition. Such strings are literals and\nreading 32 bytes ends up in out of bound memory accesses (e.g. the next\nautomaton's data in this case).\nThe error is harmless as, while printing the string, we stop at the null\nterminator, but it should still be fixed.\n\nUse the __string facilities while defining the tracepoints to avoid\nreading out of bound memory."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rv: Uso de cadenas en los puntos de seguimiento de los monitores DA El uso de puntos de seguimiento de los monitores DA con KASAN habilitado activa la siguiente advertencia: ERROR: KASAN: global fuera de los l\u00edmites en do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0 Lectura de tama\u00f1o 32 en la direcci\u00f3n ffffffffaada8980 por la tarea ... Seguimiento de llamada: [...] do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0 ? __pfx_do_trace_event_raw_event_event_da_monitor+0x10/0x10 ? trace_event_sncid+0x83/0x200 trace_event_sncid+0x163/0x200 [...] La direcci\u00f3n con errores pertenece a la variable: automaton_snep+0x4e0/0x5e0 Esto se debe a que los puntos de seguimiento leen 32 bytes __array en lugar de __string de la definici\u00f3n del aut\u00f3mata. Dichas cadenas son literales y la lectura de 32 bytes termina en accesos fuera de memoria l\u00edmite (por ejemplo, los datos del siguiente aut\u00f3mata en este caso). El error es inofensivo ya que, al imprimir la cadena, nos detenemos en el terminador nulo, pero a\u00fan as\u00ed deber\u00eda corregirse. Use las facilidades __string al definir los puntos de seguimiento para evitar la lectura fuera de memoria l\u00edmite."}], "lastModified": "2025-11-26T17:12:06.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AF1532A-8F0C-4D73-8D9F-3580F2A8F834", "versionEndExcluding": "6.16.1", "versionStartIncluding": "6.0"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}