CVE-2025-39974
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write() syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at addr ffff88810121e3a1 by task test/447 CPU: 1 UID: 0 PID: 447 Comm: test Not tainted 6.17.0-rc6-dirty #288 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x55/0x70 print_report+0xcb/0x610 kasan_report+0xb8/0xf0 _parse_integer_limit+0x103/0x130 bitmap_parselist+0x16d/0x6f0 osnoise_cpus_write+0x116/0x2d0 vfs_write+0x21e/0xcc0 ksys_write+0xee/0x1c0 do_syscall_64+0xa8/0x2a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> This issue can be reproduced by below code: const char *cpulist = "1"; int fd=open("/sys/kernel/debug/tracing/osnoise/cpus", O_WRONLY); write(fd, cpulist, strlen(cpulist)); Function bitmap_parselist() was called to parse cpulist, it require that the parameter 'buf' must be terminated with a '\0' or '\n'. Fix this issue by adding a '\0' to 'buf' in osnoise_cpus_write().
EPSS 0.03% · 8.1th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 6.17, 0, 6.16.10 |
| linux | linux_kernel | 6.16, 6.16 |
Exploit Intelligence
Timeline
- Jan 21, 1970 Security Advisory
- Oct 15, 2025 EPSS Score
- Oct 15, 2025 Coalition ESS Score
- Oct 15, 2025 CVE Published
- Oct 21, 2025 EPSS Score
- Oct 27, 2025 EPSS Score
- Nov 2, 2025 EPSS Score
- Nov 2, 2025 Coalition ESS Score
- Nov 8, 2025 EPSS Score
- Nov 15, 2025 EPSS Score
- Nov 18, 2025 Coalition ESS Score
- Nov 21, 2025 EPSS Score