PT-2025-22185 · Linux+6 · Linux Kernel+6
Syzbot
·
Published
2025-05-01
·
Updated
2026-04-20
·
CVE-2025-37923
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.15.0-rc1-syzkaller-00301-g3bde70a2c827
Description
A bug has been reported in the Linux kernel where the
trace seq to buffer() function attempts to copy more data than PAGE SIZE to a buffer, resulting in an out-of-bounds write. This issue was identified by syzbot and has been resolved. The tracing splice read pipe() function is also affected.Recommendations
For Linux kernel versions prior to 6.15.0-rc1-syzkaller-00301-g3bde70a2c827, update to a newer version that includes the fix for the out-of-bounds write in
trace seq to buffer(). As a temporary workaround, consider restricting access to the tracing splice read pipe() function until a patch is available.Exploit
Fix
Memory Corruption
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu