VYPR
Medium severity 5.5 · NVD Advisory · Published Jul 25, 2025 · Updated May 12, 2026

CVE-2025-38466

Description

In the Linux kernel, the following vulnerability has been resolved:

perf: Revert to requiring CAP_SYS_ADMIN for uprobes

Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but due to variable instruction length cannot determine if this is an instruction as seen by the intended execution stream.

Additionally, Mark Rutland notes that on architectures that mix data in the text segment (like arm64), a similar thing can be done if the data word is 'mistaken' for an instruction.

As such, require CAP_SYS_ADMIN for uprobes.
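The gap the description points at, "a valid instruction at the requested offset" versus "an instruction the intended execution stream actually starts at", can be seen on a few bytes of x86-64. The following is an added illustration, not kernel code and not part of the advisory: the toy length decoder covers only a handful of opcodes, the sample bytes are constructed, and "intended stream" is assumed to mean a linear decode from offset 0.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy length decoder for a few x86-64 opcodes (assumption: NOT the kernel's
 * decoder). Returns 0 for anything this toy does not recognise. */
static size_t insn_len(const unsigned char *p, size_t avail)
{
    size_t len = 0;
    if (avail == 0) return 0;
    if (p[0] == 0x90 || p[0] == 0xc3) len = 1;        /* nop, ret */
    else if (p[0] >= 0x50 && p[0] <= 0x5f) len = 1;   /* push/pop r64 */
    else if (p[0] >= 0xb8 && p[0] <= 0xbf) len = 5;   /* mov r32, imm32 */
    return len <= avail ? len : 0;
}

/* Models the check in the description: do the bytes at off decode at all? */
int decodes_at(const unsigned char *code, size_t n, size_t off)
{
    return off < n && insn_len(code + off, n - off) > 0;
}

/* Is off an instruction start when decoding linearly from offset 0? */
int is_boundary(const unsigned char *code, size_t n, size_t off)
{
    size_t pos = 0;
    while (pos < off && pos < n) {
        size_t len = insn_len(code + pos, n - pos);
        if (len == 0) return 0;
        pos += len;
    }
    return pos == off && off < n;
}

/* Offsets that pass the validity check without being a real boundary. */
size_t count_misaligned_accepts(const unsigned char *code, size_t n)
{
    size_t off, hits = 0;
    for (off = 0; off < n; off++)
        if (decodes_at(code, n, off) && !is_boundary(code, n, off)) hits++;
    return hits;
}

/* Constructed sample: push rbp; mov eax, 0x90909090; pop rbp; ret */
const unsigned char SAMPLE[] = { 0x55, 0xb8, 0x90, 0x90, 0x90, 0x90, 0x5d, 0xc3 };

int main(void)
{
    printf("misaligned accepts: %zu\n", count_misaligned_accepts(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

Each of the four immediate bytes of the `mov` decodes as a valid `nop`, so a per-offset validity check accepts them even though the function never executes an instruction starting there.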

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel requires CAP_SYS_ADMIN for uprobes to prevent destructive use due to variable instruction length and data misinterpretation on some architectures.

This vulnerability in the Linux kernel's uprobe mechanism allows unprivileged users to insert probes in the middle of instructions, causing undefined behavior. The kernel only checks for a valid instruction at the requested offset, but due to variable instruction length, it cannot guarantee the probe aligns with an actual executed instruction. On architectures like arm64 that mix data in the text segment, a data word could be misinterpreted as an instruction, leading to similar issues. [1]

To exploit, an attacker needs local access and the ability to set uprobes. Previously, CAP_SYS_ADMIN was not required, making this a privilege escalation vector. The attack can cause system instability, crashes, or potentially arbitrary code execution if the probe is placed in a critical path. [1]

The impact is a denial of service or privilege escalation, as an unprivileged user can disrupt system operation. [1]

The fix reverts uprobes to require CAP_SYS_ADMIN, patched in kernel stable commits [2], [3], [4]. Siemens advisory SSA-082556 lists affected industrial products with upcoming updates. [1]

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

10
