CVE-2025-37923: Vulnerability in Linux (Linux kernel)
Description
In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix oob write in trace_seq_to_buffer()

syzbot reported this bug:

==================================================================
BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]
BUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822
Write of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260

CPU: 1 UID: 0 PID: 7260 Comm: syz.2.320 Not tainted 6.15.0-rc1-syzkaller-00301-g3bde70a2c827 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xe0/0x110 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106
 trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]
 tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822
 ....
==================================================================

It has been reported that trace_seq_to_buffer() tries to copy more data than PAGE_SIZE to buf. Therefore, to prevent this, we should use the smaller of trace_seq_used(&iter->seq) and PAGE_SIZE as an argument.
AI Analysis
Technical Summary
CVE-2025-37923 is a recently disclosed vulnerability in the Linux kernel's tracing subsystem, specifically in the function trace_seq_to_buffer() in kernel/trace/trace.c. It is a slab-out-of-bounds write, identified by the Kernel Address Sanitizer (KASAN), that occurs when trace_seq_to_buffer() is asked to copy more data than one memory page (PAGE_SIZE) into a page-sized buffer. In the reported case this produced a 4507-byte write that runs past the end of the allocated slab object and can corrupt adjacent memory. The root cause is that the caller, tracing_splice_read_pipe(), passes the full trace_seq_used(&iter->seq) length as the copy size even though the destination is a single page, so the copy length can exceed PAGE_SIZE. The fix bounds the copy by passing the smaller of trace_seq_used(&iter->seq) and PAGE_SIZE. The bug was found and reported by syzbot, an automated kernel fuzzer, and affects Linux kernel versions identified by the commit hash 3c56819b14b00dd449bd776303e61f8532fad09f. No CVSS score has been assigned, and no exploits are known in the wild. The bug manifests during tracing operations, which are typically used for debugging and performance monitoring; the out-of-bounds write could nonetheless be leveraged to corrupt kernel memory, leading to system instability, crashes (denial of service), or potentially privilege escalation if exploited by a local attacker able to invoke tracing functions.
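The following user-space model illustrates the copy-length bug and its fix. It is an added example written for this page, not the kernel's own code: struct model_trace_seq, MODEL_PAGE_SIZE (set to 4096, the x86-64 page size the KASAN report was produced on) and SEQ_CAPACITY are assumptions of the model, and the 4507-byte input is constructed to match the write size in the report. The pre-fix call site is modelled without performing the overrun; the post-fix call site performs the bounded copy and shows that clamping to one page loses no data, it only spreads the output across more copies.

```c
/* Added example, not the kernel's own code: a user-space model of the
 * trace_seq_to_buffer() call site in tracing_splice_read_pipe().
 * MODEL_PAGE_SIZE, SEQ_CAPACITY and struct model_trace_seq are assumptions
 * of this model, chosen so a sequence can hold more than one page of data. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u  /* assumption: stands in for PAGE_SIZE */
#define SEQ_CAPACITY    8192u  /* constructed: larger than one page */

struct model_trace_seq {
    char buffer[SEQ_CAPACITY];
    size_t used;     /* what trace_seq_used() would report */
    size_t readpos;  /* bytes already handed out to the caller */
};

/* Callee: copies at most cnt bytes starting at readpos. It clamps cnt to
 * the data available, but it cannot know how large buf is; only the caller
 * can bound cnt by the size of the destination. */
static size_t model_seq_to_buffer(struct model_trace_seq *s, void *buf,
                                  size_t cnt)
{
    size_t avail = s->used - s->readpos;

    if (cnt > avail)
        cnt = avail;
    memcpy(buf, s->buffer + s->readpos, cnt);
    s->readpos += cnt;
    return cnt;
}

/* Constructed input: a sequence holding `used` bytes of filler. */
static void fill_seq(struct model_trace_seq *s, size_t used)
{
    memset(s, 0, sizeof(*s));
    if (used > SEQ_CAPACITY)
        used = SEQ_CAPACITY;
    memset(s->buffer, 'A', used);
    s->used = used;
}

/* Pre-fix call pattern: cnt = trace_seq_used(), so a sequence longer than a
 * page would run past the page. The copy is deliberately not performed;
 * the function returns how many bytes would land beyond the page. */
size_t unbounded_overrun(size_t used)
{
    return used > MODEL_PAGE_SIZE ? used - MODEL_PAGE_SIZE : 0;
}

/* Post-fix call pattern: cnt = min(trace_seq_used(), PAGE_SIZE), so the
 * copy can never exceed the page-sized destination. */
static size_t bounded_splice(struct model_trace_seq *s,
                             char page[MODEL_PAGE_SIZE])
{
    size_t cnt = s->used < MODEL_PAGE_SIZE ? s->used : MODEL_PAGE_SIZE;

    return model_seq_to_buffer(s, page, cnt);
}

/* Bytes delivered by the first bounded copy of a `used`-byte sequence. */
size_t bounded_first_copy(size_t used)
{
    struct model_trace_seq s;
    char page[MODEL_PAGE_SIZE];

    fill_seq(&s, used);
    return bounded_splice(&s, page);
}

/* Number of bounded copies needed to drain a `used`-byte sequence: the
 * clamp loses no data, it only splits the output across pages. */
size_t bounded_copies_to_drain(size_t used)
{
    struct model_trace_seq s;
    char page[MODEL_PAGE_SIZE];
    size_t copies = 0;

    fill_seq(&s, used);
    while (s.readpos < s.used) {
        bounded_splice(&s, page);  /* always makes progress while data remains */
        copies++;
    }
    return copies;
}

int main(void)
{
    size_t used = 4507;  /* constructed: the write size from the KASAN report */

    printf("%zu-byte sequence: unbounded copy overruns the page by %zu bytes\n",
           used, unbounded_overrun(used));
    printf("bounded copy delivers %zu bytes first and drains in %zu copies\n",
           bounded_first_copy(used), bounded_copies_to_drain(used));
    return 0;
}
```

The model makes the defensive point explicit: the callee's own clamp (to the bytes available in the sequence) is not a bound on the destination, so a caller that hands over a page-sized buffer must itself pass a count no larger than PAGE_SIZE.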
Potential Impact
For European organizations, the impact of CVE-2025-37923 could be significant depending on their reliance on Linux-based infrastructure, especially servers and cloud environments that utilize kernel tracing features for monitoring and diagnostics. The out-of-bounds write vulnerability could be exploited by a local attacker or malicious process with sufficient privileges to trigger kernel memory corruption, potentially leading to denial of service or privilege escalation. This could disrupt critical services, cause data loss, or allow attackers to gain elevated access to systems. Organizations running Linux kernels with the affected versions, particularly in data centers, cloud platforms, or embedded systems, may face operational risks. The vulnerability's exploitation complexity is moderate since it requires local code execution and the ability to invoke tracing operations, but the widespread use of Linux in European enterprises, government, and critical infrastructure heightens the risk. Additionally, the vulnerability could be leveraged in multi-tenant cloud environments common in Europe, where compromised virtual machines might attempt to exploit the host kernel. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers often reverse-engineer patches to develop exploits.
Mitigation Recommendations
1. Apply the official Linux kernel patch immediately; it restricts the copy size in trace_seq_to_buffer() to the minimum of trace_seq_used(&iter->seq) and PAGE_SIZE.
2. For organizations unable to patch immediately, disable or restrict access to kernel tracing features, particularly tracing_splice_read_pipe and related interfaces, to trusted users only.
3. Implement strict access controls and monitoring on systems that allow local user code execution to prevent untrusted users from invoking tracing operations.
4. Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR), SELinux/AppArmor policies, and seccomp filters to limit the attack surface.
5. Monitor system logs and kernel tracing outputs for anomalous or unexpected usage patterns that could indicate attempts to exploit this vulnerability.
6. Coordinate with Linux distribution vendors and cloud providers to ensure timely updates and patches are applied.
7. Conduct internal audits to identify systems running affected kernel versions and prioritize patching based on criticality and exposure.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-04-16T04:51:23.969Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682cd0f71484d88663aeaf90
Added to database: 5/20/2025, 6:59:03 PM
Last enriched: 7/4/2025, 1:41:15 AM
Last updated: 8/11/2025, 2:48:17 PM