PT-2025-31089 · Linux+5 · Linux Kernel+5

Published: 2025-07-16 · Updated: 2026-04-20 · CVE-2025-38493

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.15.3-200.fc42

Description

A flaw exists in the Linux kernel’s timerlat_dump_stack() function within the tracing/osnoise subsystem. The issue stems from an incorrect order of operations when constructing the ftrace stack entry, specifically related to the memcpy function and the __counted_by(size) marker. This can lead to a kernel panic due to a buffer overflow when the size field contains garbage data, potentially zero, triggering an out-of-bounds write.

Recommendations

Linux kernel versions prior to 6.15.3-200.fc42: Update to version 6.15.3-200.fc42 or a later version to address this issue.

Exploit

Fix

Weakness Enumeration

Uncontrolled Recursion
Improper Resource Release

Related Identifiers

AZL-65946
BDU:2025-13521
CVE-2025-38493
DSA-5975-1
MGASA-2025-0218
MGASA-2025-0219
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7934-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu