PT-2025-29042 · Linux+5 · Linux Kernel+5

Anubis · Published 2025-06-04 · Updated 2026-04-20 · CVE-2025-38320

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.0+ #11
Description: A stack-out-of-bounds read issue was identified in the regs_get_kernel_stack_nth() function within the Linux kernel. The issue was reported by KASAN (Kernel Address Sanitizer) and is related to the behavior of certain GCC compilers. The vulnerability occurs when reading from a potentially invalid memory address on the stack. The fix involves using the READ_ONCE_NOCHECK() helper to bypass the KASAN check in this specific scenario, as the address is confirmed to be on the stack.
Recommendations: Linux kernel versions prior to 6.6.0+ #11: Update to version 6.6.0+ #11 or a later version to address this issue.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

AZL-64916
BDU:2025-08924
CVE-2025-38320
DLA-4327-1
DLA-4328-1
DSA-5973-1
ECHO-A875-7FC5-6076
MGASA-2025-0218
MGASA-2025-0219
OESA-2025-1869
OESA-2025-1870
OESA-2025-1871
OESA-2025-1872
OESA-2025-1873
OESA-2025-1874
USN-7774-1
USN-7774-2
USN-7774-3
USN-7774-4
USN-7774-5
USN-7775-1
USN-7775-2
USN-7775-3
USN-7776-1
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu