tracing: Limit access to parser->buffer when trace_get_user failed

Summary

CVE: CVE-2025-39683
State: PUBLISHED
Assigner: Linux
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2025-09-05 18:15:44 UTC
Updated: 2026-05-12 13:17:04 UTC
Description:

In the Linux kernel, the following vulnerability has been resolved:

tracing: Limit access to parser->buffer when trace_get_user failed

When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered:

    BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0
    Read of size 1 at addr ffff0000d00bd5ba by task ash/165

    CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty
    Hardware name: linux,dummy-virt (DT)
    Call trace:
     show_stack+0x34/0x50 (C)
     dump_stack_lvl+0xa0/0x158
     print_address_description.constprop.0+0x88/0x398
     print_report+0xb0/0x280
     kasan_report+0xa4/0xf0
     __asan_report_load1_noabort+0x20/0x30
     strsep+0x18c/0x1b0
     ftrace_process_regex.isra.0+0x100/0x2d8
     ftrace_regex_release+0x484/0x618
     __fput+0x364/0xa58
     ____fput+0x28/0x40
     task_work_run+0x154/0x278
     do_notify_resume+0x1f0/0x220
     el0_svc+0xec/0xf0
     el0t_64_sync_handler+0xa0/0xe8
     el0t_64_sync+0x1ac/0x1b0

The reason is that trace_get_user will fail when processing a string longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0. Then an OOB access will be triggered in ftrace_regex_release->ftrace_process_regex->strsep->strpbrk.

We can solve this problem by limiting access to parser->buffer when trace_get_user failed.
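The failure mode described above, as an added userland model (not the kernel's code and not the upstream patch). The struct, the function names, BUF_MAX as a stand-in for FTRACE_BUFF_MAX and the fail flag are assumptions made for illustration; the model checks for a terminator inside the buffer instead of performing the out-of-bounds read.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define BUF_MAX 8                       /* stand-in for FTRACE_BUFF_MAX */

struct parser {                         /* simplified model, not the kernel struct */
    char   buffer[BUF_MAX + 1];
    size_t idx;
    bool   fail;                        /* hypothetical "last read failed" flag */
};

/* Copy input into p->buffer. Overlong input returns -EINVAL with the
 * buffer already full and no terminating NUL written. */
static int get_token(struct parser *p, const char *src, size_t len, bool patched)
{
    for (size_t i = 0; i < len; i++) {
        if (p->idx >= BUF_MAX) {
            if (patched)
                p->fail = true;         /* record the failure for the release path */
            return -EINVAL;
        }
        p->buffer[p->idx++] = src[i];
    }
    p->buffer[p->idx] = '\0';
    return 0;
}

/* Release-path gate: may the buffer be handed to a string function? */
static bool release_may_parse(const struct parser *p)
{
    return !p->fail && p->idx != 0;
}

/* Returns 1 when the release path would parse an unterminated buffer. */
static int release_reads_unterminated(const char *input, bool patched)
{
    struct parser p = { .idx = 0, .fail = false };
    memset(p.buffer, 'A', sizeof(p.buffer));    /* constructed stale heap bytes */
    get_token(&p, input, strlen(input), patched);
    bool terminated = memchr(p.buffer, '\0', sizeof(p.buffer)) != NULL;
    return release_may_parse(&p) && !terminated;
}

int main(void)
{
    /* constructed overlong input; exit status 0 means the gate held */
    return release_reads_unterminated("overlong_filter_string", true);
}
```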

Risk And Classification

Primary CVSS: v3.1 7.1 HIGH from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Problem Types: CWE-125

CVSS v3.1 Breakdown

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High


NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Linux | Linux Kernel | All | All | All | All

Vendor Declared Affected Products

Source | Vendor | Product | Version | Platforms
CNA Linux Linux affected 634684d79733124f7470b226b0f42aada4426b07 b842ef39c2ad6156c13afdec25ecc6792a9b67b9 git Not specified
CNA Linux Linux affected 8c9af478c06bb1ab1422f90d8ecbc53defd44bc3 41b838420457802f21918df66764b6fbf829d330 git Not specified
CNA Linux Linux affected 8c9af478c06bb1ab1422f90d8ecbc53defd44bc3 418b448e1d7470da9d4d4797f71782595ee69c49 git Not specified
CNA Linux Linux affected 8c9af478c06bb1ab1422f90d8ecbc53defd44bc3 58ff8064cb4c7eddac4da1a59da039ead586950a git Not specified
CNA Linux Linux affected 8c9af478c06bb1ab1422f90d8ecbc53defd44bc3 d0c68045b8b0f3737ed7bd6b8c83b7887014adee git Not specified
CNA Linux Linux affected 8c9af478c06bb1ab1422f90d8ecbc53defd44bc3 3079517a5ba80901fe828a06998da64b9b8749be git Not specified
CNA Linux Linux affected 8c9af478c06bb1ab1422f90d8ecbc53defd44bc3 6a909ea83f226803ea0e718f6e88613df9234d58 git Not specified
CNA Linux Linux affected 24cd31752f47699b89b4b3471155c8e599a1a23a git Not specified
CNA Linux Linux affected e9cb474de7ff7a970c2a3951c12ec7e3113c0c35 git Not specified
CNA Linux Linux affected 6ab671191f64b0da7d547e2ad4dc199ca7e5b558 git Not specified
CNA Linux Linux affected 3d9281a4ac7171c808f9507f0937eb236b353905 git Not specified
CNA Linux Linux affected 0b641b25870f02e2423e494365fc5243cc1e2759 git Not specified
CNA Linux Linux affected ffd51dbfd2900e50c71b5c069fe407957e52d61f git Not specified
CNA Linux Linux affected cdd107d7f18158d966c2bc136204fe826dac445c git Not specified
CNA Linux Linux affected 5.13 Not specified
CNA Linux Linux unaffected 5.13 semver Not specified
CNA Linux Linux unaffected 5.10.241 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.190 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.149 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.103 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.44 6.12.* semver Not specified
CNA Linux Linux unaffected 6.16.4 6.16.* semver Not specified
CNA Linux Linux unaffected 6.17 * original_commit_for_fix Not specified
ADP Siemens SIMATIC CN 4100 affected V5.0 custom Not specified
ADP Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP affected V3.1.5 * custom Not specified
ADP Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP affected V3.1.5 * custom Not specified
ADP Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP affected V3.1.5 * custom Not specified
ADP Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP affected V3.1.5 * custom Not specified
ADP Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP affected V3.1.5 * custom Not specified

References

Reference | Source | Link | Tags
git.kernel.org/stable/c/41b838420457802f21918df66764b6fbf829d330 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
lists.debian.org/debian-lts-announce/2025/10/msg00008.html af854a3a-2127-422b-91ae-364da2661108 lists.debian.org Third Party Advisory
git.kernel.org/stable/c/6a909ea83f226803ea0e718f6e88613df9234d58 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
cert-portal.siemens.com/productcert/html/ssa-082556.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
git.kernel.org/stable/c/418b448e1d7470da9d4d4797f71782595ee69c49 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/b842ef39c2ad6156c13afdec25ecc6792a9b67b9 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
cert-portal.siemens.com/productcert/html/ssa-032379.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
git.kernel.org/stable/c/3079517a5ba80901fe828a06998da64b9b8749be 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/d0c68045b8b0f3737ed7bd6b8c83b7887014adee 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
lists.debian.org/debian-lts-announce/2025/10/msg00007.html af854a3a-2127-422b-91ae-364da2661108 lists.debian.org Third Party Advisory
git.kernel.org/stable/c/58ff8064cb4c7eddac4da1a59da039ead586950a 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis