{"id":"AZL-65946","summary":"CVE-2025-38493 affecting package kernel for versions less than 6.6.104.2-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix crash in timerlat_dump_stack()\n\nWe have observed kernel panics when using timerlat with stack saving,\nwith the following dmesg output:\n\nmemcpy: detected buffer overflow: 88 byte write of buffer size 0\nWARNING: CPU: 2 PID: 8153 at lib/string_helpers.c:1032 __fortify_report+0x55/0xa0\nCPU: 2 UID: 0 PID: 8153 Comm: timerlatu/2 Kdump: loaded Not tainted 6.15.3-200.fc42.x86_64 #1 PREEMPT(lazy)\nCall Trace:\n \u003cTASK\u003e\n ? trace_buffer_lock_reserve+0x2a/0x60\n __fortify_panic+0xd/0xf\n __timerlat_dump_stack.cold+0xd/0xd\n timerlat_dump_stack.part.0+0x47/0x80\n timerlat_fd_read+0x36d/0x390\n vfs_read+0xe2/0x390\n ? syscall_exit_to_user_mode+0x1d5/0x210\n ksys_read+0x73/0xe0\n do_syscall_64+0x7b/0x160\n ? exc_page_fault+0x7e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n__timerlat_dump_stack() constructs the ftrace stack entry like this:\n\nstruct stack_entry *entry;\n...\nmemcpy(&entry-\u003ecaller, fstack-\u003ecalls, size);\nentry-\u003esize = fstack-\u003enr_entries;\n\nSince commit e7186af7fb26 (\"tracing: Add back FORTIFY_SOURCE logic to\nkernel_stack event structure\"), struct stack_entry marks its caller\nfield with __counted_by(size). At the time of the memcpy, entry-\u003esize\ncontains garbage from the ringbuffer, which under some circumstances is\nzero, triggering a kernel panic by buffer overflow.\n\nPopulate the size field before the memcpy so that the out-of-bounds\ncheck knows the correct size. This is analogous to\n__ftrace_trace_stack().","modified":"2026-04-01T05:20:40.467667Z","published":"2025-07-28T12:15:31Z","upstream":["CVE-2025-38493"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38493"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.104.2-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65946.json"}}],"schema_version":"1.7.5"}