{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T12:28:44.403","vulnerabilities":[{"cve":{"id":"CVE-2025-38636","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-08-22T16:15:37.587","lastModified":"2025-11-26T17:12:06.677","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nrv: Use strings in da monitors tracepoints\n\nUsing DA monitors tracepoints with KASAN enabled triggers the following\nwarning:\n\n BUG: KASAN: global-out-of-bounds in do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0\n Read of size 32 at addr ffffffffaada8980 by task ...\n Call Trace:\n  <TASK>\n [...]\n  do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0\n  ? __pfx_do_trace_event_raw_event_event_da_monitor+0x10/0x10\n  ? trace_event_sncid+0x83/0x200\n  trace_event_sncid+0x163/0x200\n [...]\n The buggy address belongs to the variable:\n  automaton_snep+0x4e0/0x5e0\n\nThis is caused by the tracepoints reading 32 bytes __array instead of\n__string from the automata definition. Such strings are literals and\nreading 32 bytes ends up in out of bound memory accesses (e.g. the next\nautomaton's data in this case).\nThe error is harmless as, while printing the string, we stop at the null\nterminator, but it should still be fixed.\n\nUse the __string facilities while defining the tracepoints to avoid\nreading out of bound memory."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rv: Uso de cadenas en los puntos de seguimiento de los monitores DA El uso de puntos de seguimiento de los monitores DA con KASAN habilitado activa la siguiente advertencia: ERROR: KASAN: global fuera de los límites en do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0 Lectura de tamaño 32 en la dirección ffffffffaada8980 por la tarea ... Seguimiento de llamada:  [...] do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0 ? __pfx_do_trace_event_raw_event_event_da_monitor+0x10/0x10 ? trace_event_sncid+0x83/0x200 trace_event_sncid+0x163/0x200 [...] La dirección con errores pertenece a la variable: automaton_snep+0x4e0/0x5e0 Esto se debe a que los puntos de seguimiento leen 32 bytes __array en lugar de __string de la definición del autómata. Dichas cadenas son literales y la lectura de 32 bytes termina en accesos fuera de memoria límite (por ejemplo, los datos del siguiente autómata en este caso). El error es inofensivo ya que, al imprimir la cadena, nos detenemos en el terminador nulo, pero aún así debería corregirse. Use las facilidades __string al definir los puntos de seguimiento para evitar la lectura fuera de memoria límite."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.16.1","matchCriteriaId":"3AF1532A-8F0C-4D73-8D9F-3580F2A8F834"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0ebc70d973ce7a81826b5c4f55f743e07f5864d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f904ff6e58d398c4336f3c19c42b338324451f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}