{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38636", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.030Z", "datePublished": "2025-08-22T16:00:43.910Z", "dateUpdated": "2025-08-22T16:00:43.910Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-08-22T16:00:43.910Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrv: Use strings in da monitors tracepoints\n\nUsing DA monitors tracepoints with KASAN enabled triggers the following\nwarning:\n\n BUG: KASAN: global-out-of-bounds in do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0\n Read of size 32 at addr ffffffffaada8980 by task ...\n Call Trace:\n <TASK>\n [...]\n do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0\n ? __pfx_do_trace_event_raw_event_event_da_monitor+0x10/0x10\n ? trace_event_sncid+0x83/0x200\n trace_event_sncid+0x163/0x200\n [...]\n The buggy address belongs to the variable:\n automaton_snep+0x4e0/0x5e0\n\nThis is caused by the tracepoints reading 32 bytes __array instead of\n__string from the automata definition. Such strings are literals and\nreading 32 bytes ends up in out of bound memory accesses (e.g. the next\nautomaton's data in this case).\nThe error is harmless as, while printing the string, we stop at the null\nterminator, but it should still be fixed.\n\nUse the __string facilities while defining the tracepoints to avoid\nreading out of bound memory."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/rv/rv_trace.h"], "versions": [{"version": "792575348ff70e05c6040d02fce38e949ef92c37", "lessThan": "0ebc70d973ce7a81826b5c4f55f743e07f5864d9", "status": "affected", "versionType": "git"}, {"version": "792575348ff70e05c6040d02fce38e949ef92c37", "lessThan": "7f904ff6e58d398c4336f3c19c42b338324451f7", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/rv/rv_trace.h"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.1", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.16.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.17-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0ebc70d973ce7a81826b5c4f55f743e07f5864d9"}, {"url": "https://git.kernel.org/stable/c/7f904ff6e58d398c4336f3c19c42b338324451f7"}], "title": "rv: Use strings in da monitors tracepoints", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrv: Use strings in da monitors tracepoints\n\nUsing DA monitors tracepoints with KASAN enabled triggers the following\nwarning:\n\n BUG: KASAN: global-out-of-bounds in do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0\n Read of size 32 at addr ffffffffaada8980 by task ...\n Call Trace:\n <TASK>\n [...]\n do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0\n ? __pfx_do_trace_event_raw_event_event_da_monitor+0x10/0x10\n ? trace_event_sncid+0x83/0x200\n trace_event_sncid+0x163/0x200\n [...]\n The buggy address belongs to the variable:\n automaton_snep+0x4e0/0x5e0\n\nThis is caused by the tracepoints reading 32 bytes __array instead of\n__string from the automata definition. Such strings are literals and\nreading 32 bytes ends up in out of bound memory accesses (e.g. the next\nautomaton's data in this case).\nThe error is harmless as, while printing the string, we stop at the null\nterminator, but it should still be fixed.\n\nUse the __string facilities while defining the tracepoints to avoid\nreading out of bound memory."}], "id": "CVE-2025-38636", "lastModified": "2025-08-22T18:08:51.663", "metrics": {}, "published": "2025-08-22T16:15:37.587", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0ebc70d973ce7a81826b5c4f55f743e07f5864d9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7f904ff6e58d398c4336f3c19c42b338324451f7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: rv: Use strings in da monitors tracepoints", "id": "2390417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390417"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["No description is available for this CVE."], "name": "CVE-2025-38636", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-08-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38636\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38636\nhttps://lore.kernel.org/linux-cve-announce/2025082233-CVE-2025-38636-0ce2@gregkh/T"], "threat_severity": "Low"}

{"created": "2025-08-23T10:55:09.005442+00:00", "updated": "2025-08-23T10:55:09.005499+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}