CVE-2025-39683
Description
In the Linux kernel, the following vulnerability has been resolved:
tracing: Limit access to parser->buffer when trace_get_user failed
When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered:
BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0
Read of size 1 at addr ffff0000d00bd5ba by task ash/165

CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty
Hardware name: linux,dummy-virt (DT)
Call trace:
 show_stack+0x34/0x50 (C)
 dump_stack_lvl+0xa0/0x158
 print_address_description.constprop.0+0x88/0x398
 print_report+0xb0/0x280
 kasan_report+0xa4/0xf0
 __asan_report_load1_noabort+0x20/0x30
 strsep+0x18c/0x1b0
 ftrace_process_regex.isra.0+0x100/0x2d8
 ftrace_regex_release+0x484/0x618
 __fput+0x364/0xa58
 ____fput+0x28/0x40
 task_work_run+0x154/0x278
 do_notify_resume+0x1f0/0x220
 el0_svc+0xec/0xf0
 el0t_64_sync_handler+0xa0/0xe8
 el0t_64_sync+0x1ac/0x1b0
The reason is that trace_get_user will fail when processing a string longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0. Then an OOB access will be triggered in ftrace_regex_release->ftrace_process_regex->strsep->strpbrk. We can solve this problem by limiting access to parser->buffer when trace_get_user failed.
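A user-space model of the guard the description calls for, added here as an illustration; it is not the kernel's code or the upstream patch. The `fail` flag, the `BUF_MAX` value and all function names are hypothetical stand-ins for the kernel's parser.

```c
#include <errno.h>
#include <stdbool.h>
#include <string.h>

#define BUF_MAX 8   /* small stand-in for FTRACE_BUFF_MAX (assumed value) */

struct parser {     /* user-space model, not the kernel's struct */
    char buffer[BUF_MAX + 1];
    size_t idx;     /* bytes stored by the last read */
    bool fail;      /* hypothetical flag: the last read failed */
};

/* Store one write. On oversized input return -EINVAL and leave buffer[]
 * without a terminator, as the description says trace_get_user does. */
int parser_get(struct parser *p, const char *in, size_t len)
{
    p->idx = 0;
    p->fail = false;
    for (size_t i = 0; i < len; i++) {
        if (p->idx == BUF_MAX) {
            p->fail = true;
            return -EINVAL;
        }
        p->buffer[p->idx++] = in[i];
    }
    p->buffer[p->idx] = '\0';
    return (int)len;
}

/* idx is still non-zero after a failed read, so "has data" alone is not
 * a safe test; the failure state has to be part of the check. */
bool parser_loaded(const struct parser *p)
{
    return !p->fail && p->idx != 0;
}

/* Release path: count ':'-separated entries (strchr stands in for strsep,
 * both scan until NUL). Returns 0 when the buffer must not be read. */
int parser_release(const struct parser *p)
{
    const char *s = p->buffer;
    int n = 1;

    if (!parser_loaded(p))
        return 0;
    for (; (s = strchr(s, ':')) != NULL; s++)
        n++;
    return n;
}
```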
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's tracing subsystem, a failure to null-terminate the parser buffer when processing oversized input to set_ftrace_filter leads to a slab-out-of-bounds read, potentially causing a denial of service.
Vulnerability
Analysis
The vulnerability resides in the Linux kernel's tracing subsystem, specifically in the handling of user input to the set_ftrace_filter file. When a user writes a string longer than FTRACE_BUFF_MAX, the function trace_get_user fails but does not null-terminate the parser->buffer. This leaves the buffer in an inconsistent state, and subsequent processing in ftrace_regex_release via ftrace_process_regex and strsep triggers a slab-out-of-bounds read, as evidenced by the KASAN report.
Exploitation
An attacker with local access and the ability to write to the set_ftrace_filter file can trigger this vulnerability. No special privileges beyond the ability to interact with the tracing interface are required, though typically such access is restricted to root or users in the tracing group. The attack surface is limited to systems where the tracing subsystem is enabled and accessible.
Impact
The out-of-bounds read can cause a kernel crash or denial of service, as indicated by the KASAN alarm. The vulnerability does not appear to allow arbitrary code execution or privilege escalation based on the available information.
Mitigation
The fix is included in Linux kernel stable commits [3][4]. Users should apply the latest kernel updates from their distribution or compile a patched kernel. No workaround is documented.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Linux/Linux v5 (Range: 5.13)
References (11)
- git.kernel.org/stable/c/3079517a5ba80901fe828a06998da64b9b8749be (nvd, Patch)
- git.kernel.org/stable/c/418b448e1d7470da9d4d4797f71782595ee69c49 (nvd, Patch)
- git.kernel.org/stable/c/41b838420457802f21918df66764b6fbf829d330 (nvd, Patch)
- git.kernel.org/stable/c/58ff8064cb4c7eddac4da1a59da039ead586950a (nvd, Patch)
- git.kernel.org/stable/c/6a909ea83f226803ea0e718f6e88613df9234d58 (nvd, Patch)
- git.kernel.org/stable/c/b842ef39c2ad6156c13afdec25ecc6792a9b67b9 (nvd, Patch)
- git.kernel.org/stable/c/d0c68045b8b0f3737ed7bd6b8c83b7887014adee (nvd, Patch)
- lists.debian.org/debian-lts-announce/2025/10/msg00007.html (nvd, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2025/10/msg00008.html (nvd, Third Party Advisory)
- cert-portal.siemens.com/productcert/html/ssa-032379.html (nvd)
- cert-portal.siemens.com/productcert/html/ssa-082556.html (nvd)
News mentions (1)
- Siemens SIMATIC (CISA ICS Advisories)