Memory Access Vulnerability in Linux Kernel Affects Multiple Versions
CVE-2025-38636

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-38636?

A memory access vulnerability in the Linux kernel arises from a misconfiguration in the definition of tracepoints using DA monitors. When KASAN is enabled, these tracepoints trigger a warning due to out-of-bounds memory access, specifically attempting to read 32 bytes from incorrect memory offsets. While the issue does not pose a direct threat as the string output halts at the null terminator, it reflects underlying flaws in how string literals are handled within the automata definitions. To remedy this, developers are advised to utilize the proper string facilities in tracepoint definitions to prevent potential vulnerabilities.

Affected Version(s)

Linux 792575348ff70e05c6040d02fce38e949ef92c37 < 0ebc70d973ce7a81826b5c4f55f743e07f5864d9

Linux 792575348ff70e05c6040d02fce38e949ef92c37 < 7f904ff6e58d398c4336f3c19c42b338324451f7

Linux 6.0

References

https://git.kernel.org/stable/c/0ebc70d973ce7a81826b5c4f5...

https://git.kernel.org/stable/c/7f904ff6e58d398c4336f3c19...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Apr 16, 2025