CVE-2025-38636

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel contains an issue where DA monitors tracepoints, when used with KASAN enabled, can trigger a global-out-of-bounds read due to reading 32 bytes as an array instead of a string from the automata definition. This occurs because the tracepoints read beyond the intended string literals, potentially accessing memory belonging to adjacent automata data. While the error is considered harmless as the printing process stops at the null terminator, it still represents a memory access issue. The root cause is the improper handling of string data within the tracepoints.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.