CVE-2025-39974: Improper Null Termination in Linux

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 92.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 15

Description

In the Linux kernel, the following vulnerability has been resolved:

tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit()

When config osnoise cpus by write() syscall, the following KASAN splat may be observed:

    BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130
    Read of size 1 at addr ffff88810121e3a1 by task test/447
    CPU: 1 UID: 0 PID: 447 Comm: test Not tainted 6.17.0-rc6-dirty #288 PREEMPT(voluntary)
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15

Affected Packages (4 packages)

Linux | linux/linux_kernel | 6.16.0 | 6.16.10
Debian | linux/linux_kernel | < 6.16.10-1
CVEListV5 | linux/linux | 17f89102fe23d7389085a8820550df688f79888a | 930cb05a9e107777316b3ccf37f9556366669065 | +2
debian | debian/linux | < linux 6.16.10-1 (forky)

🔴 Vulnerability Details (3)

OSV | CVE-2025-39974: In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osno | 2025-10-15
OSV | tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() | 2025-10-15
GHSA | GHSA-w928-mvrh-3953: In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config os | 2025-10-15

📋 Vendor Advisories (2)

Red Hat | kernel: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() | 2025-10-15
Debian | CVE-2025-39974: linux - In the Linux kernel, the following vulnerability has been resolved: tracing/osn... | 2025