IM
IronMonkey Threat Research

CVE-2025-38466 MEDIUM

Published: 2025-07-25 | Last Modified: 2026-05-12 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAP_SYS_ADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but due to variable instruction length cannot determine if this is an instruction as seen by the intended execution stream. Additionally, Mark Rutland notes that on architectures that mix data in the text segment (like arm64), a similar things can be done if the data word is 'mistaken' for an instruction. As such, require CAP_SYS_ADMIN for uprobes.

Additional Descriptions (1)

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf: Revertir al requisito de CAP_SYS_ADMIN para uprobes. Jann informa que los uprobes pueden usarse de forma destructiva cuando se usan en medio de una instrucción. El kernel solo verifica que haya una instrucción válida en el desplazamiento solicitado, pero debido a la longitud variable de la instrucción, no puede determinar si se trata de una instrucción como la detecta el flujo de ejecución previsto. Además, Mark Rutland señala que en arquitecturas que mezclan datos en el segmento de texto (como arm64), se puede realizar una acción similar si la palabra de datos se confunde con una instrucción. Por lo tanto, se requiere CAP_SYS_ADMIN para uprobes.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-noinfo

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702bde79f7c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc3c4d80> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702ba6eda040> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc3c7600> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc3c5800> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc3c4b00> Operating System
linux linux_kernel 6.16 <built-in method update of dict object at 0x702bfc3c7d40> Operating System
linux linux_kernel 6.16 <built-in method update of dict object at 0x702bfc3c48c0> Operating System
linux linux_kernel 6.16 <built-in method update of dict object at 0x702bfc3c6f80> Operating System
linux linux_kernel 6.16 <built-in method update of dict object at 0x702bfc3c5240> Operating System
debian debian_linux 11.0 <built-in method update of dict object at 0x702bdc6d79c0> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References

Notification
Message here