PT-2025-36278 · Linux+5 · Linux Kernel+5

Published: 2025-01-01 · Updated: 2026-04-20 · CVE-2025-39683

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.16.0
Description: A flaw exists in the Linux kernel related to tracing functionality. Specifically, insufficient bounds checking when handling strings longer than FTRACE_BUFF_MAX within the ftrace_process_regex function, triggered by a failure in trace_get_user, can lead to an out-of-bounds read in strsep. This issue manifests as a KASAN alarm during string processing within the tracing subsystem.
Recommendations: Update to Linux kernel version 6.16.0 or later to address this issue.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

AZL-67037
AZL-73695
BDU:2025-15733
CVE-2025-39683
DLA-4327-1
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-26DD-1ECB-045C
MGASA-2025-0234
MGASA-2025-0235
OESA-2025-2465
OESA-2025-2466
OESA-2025-2467
OESA-2025-2468
OESA-2025-2469
OESA-2025-2470
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4301-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu