CVE-2025-37923

7.8 HIGH

📋 TL;DR

This CVE describes an out-of-bounds write vulnerability in the Linux kernel's tracing subsystem. The trace_seq_to_buffer() function can copy more data than a page size allows, potentially leading to kernel memory corruption. This affects all Linux systems with kernel tracing enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: All Linux distributions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if kernel tracing (ftrace) is enabled and accessible. Many distributions have tracing disabled by default or restrict access.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic, system crash, or potential privilege escalation to root if an attacker can control the memory corruption to execute arbitrary code.

🟠 Likely Case

System instability, kernel panic, or denial of service through system crashes.

🟢 If Mitigated

Limited impact if kernel page protections prevent code execution, but there is still a risk of system instability.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger kernel tracing functions.
🏢 Internal Only: MEDIUM - Local users or processes with tracing permissions could exploit this to crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger kernel tracing functions, which typically requires appropriate permissions. The bug was found by syzkaller fuzzer.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 056ebbddb8faf4ddf83d005454dd78fc25c2d897, 1a3f9482b50b74fa9421bff8ceecfefd0dc06f8f, 1f27a3e93b8d674b24b27fcdbc6f72743cd96c0d, 441021e5b3c7d9bd1b963590652c415929f3b157, 665ce421041890571852422487f4c613d1824ba9

Vendor Advisory: https://git.kernel.org/stable/c/056ebbddb8faf4ddf83d005454dd78fc25c2d897

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix commits.
2. Check your distribution's security advisories for patched kernel packages.
3. Reboot the system after kernel update.

🔧 Temporary Workarounds

Disable kernel tracing

linux

Disable ftrace and other kernel tracing features to prevent exploitation

echo 0 > /sys/kernel/debug/tracing/tracing_on
echo nop > /sys/kernel/debug/tracing/current_tracer

Restrict tracing access

linux

Limit access to tracing debugfs interface to trusted users only

chmod 700 /sys/kernel/debug/tracing
setfacl -m u:root:rwx /sys/kernel/debug/tracing

🧯 If You Can't Patch

  • Disable kernel tracing completely if not required for operations
  • Implement strict access controls to /sys/kernel/debug/tracing directory
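
To confirm that both workarounds above are actually in place on a host, the following added example (not part of the original advisory) audits the tracing directory. It assumes the `/sys/kernel/debug/tracing` path used above; the function name `check_tracing_exposure` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the tracing workaround state.
# The default path is the one the advisory uses; pass another directory as $1.

check_tracing_exposure() {
    dir=${1:-/sys/kernel/debug/tracing}
    findings=0

    if [ ! -d "$dir" ]; then
        echo "OK       $dir not present or not accessible to this user"
        return 0
    fi

    # Workaround 1: tracing_on must be 0 and current_tracer must be nop.
    if [ "$(cat "$dir/tracing_on" 2>/dev/null)" = "1" ]; then
        echo "FINDING  tracing_on=1 (ring buffer is recording)"
        findings=$((findings + 1))
    fi
    tracer=$(cat "$dir/current_tracer" 2>/dev/null) || tracer=""
    if [ -n "$tracer" ] && [ "$tracer" != "nop" ]; then
        echo "FINDING  current_tracer=$tracer (expected nop)"
        findings=$((findings + 1))
    fi

    # Workaround 2: directory mode should grant nothing to group/other (700).
    mode=$(stat -c %a "$dir" 2>/dev/null) || mode=""
    case $mode in
        *00) ;;
        *)  echo "FINDING  mode ${mode:-unknown} grants group/other access"
            findings=$((findings + 1)) ;;
    esac

    # Exit status 0 only when no finding was printed.
    [ "$findings" -eq 0 ]
}

# Stand-alone run against the live system (or a directory given as $1).
check_tracing_exposure "$@" || echo "Tracing workaround is not fully applied."
```

Run it as root, since the debugfs mount is normally readable only by root and would otherwise be reported as not accessible.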

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether tracing is enabled: cat /sys/kernel/debug/tracing/tracing_on

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version includes the fix commits, or check your distribution's security advisory

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN reports of out-of-bounds writes
  • System crash/reboot logs

Network Indicators:

  • None - this is a local kernel vulnerability

SIEM Query:

Search for kernel panic events or KASAN reports in system logs
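
One way to turn the log indicators above into a concrete search is shown in this added example (not part of the original advisory). The sample log lines are constructed, and the assumption that a KASAN report names `trace_seq_to_buffer` in its header is made for illustration; the function names `sample_log` and `scan_kernel_log` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): find the listed log indicators
# in kernel log text such as the output of `dmesg` or `journalctl -k`.

# Constructed sample; addresses, offsets, sizes and task names are made up.
sample_log() {
    cat <<'EOF'
[  101.000001] BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer+0x5c/0x90
[  101.000002] Write of size 4507 at addr ffff888000000000 by task demo/1234
[  230.000001] BUG: KASAN: slab-out-of-bounds in other_func+0x10/0x20
[  230.000002] Read of size 8 at addr ffff888000000100 by task demo/1235
[  300.000001] Kernel panic - not syncing: Fatal exception
EOF
}

# scan_kernel_log [FILE]: prints "<indicator> <line> <symbol>" per finding.
# Reads standard input when no file is given.
scan_kernel_log() {
    awk '
        /BUG: KASAN: .*out-of-bounds in / {
            header = NR
            sym = $0
            sub(/.*out-of-bounds in /, "", sym)   # drop timestamp and prefix
            sub(/\+.*/, "", sym)                  # drop +offset/size
            next
        }
        # KASAN prints the access type on the line after the BUG header;
        # only writes are an indicator here, reads are skipped.
        header && NR == header + 1 {
            if ($0 ~ /Write of size/) {
                tag = (sym == "trace_seq_to_buffer") ? "KASAN_OOB_WRITE_TRACE_SEQ" : "KASAN_OOB_WRITE"
                print tag, header, sym
            }
            header = 0
        }
        /Kernel panic - not syncing/ { print "KERNEL_PANIC", NR, "-" }
    ' "${1:--}"
}

# Stand-alone run over the constructed sample.
sample_log | scan_kernel_log
```

KASAN reports only appear on kernels built with KASAN enabled, so on production kernels the panic indicator is usually the only one available.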
