CVE-2025-37938 – A vulnerability in the Linux kernel's tracing s... (How to Fix)

Q: What is the severity of CVE-2025-37938?

CVE-2025-37938 has a CVSS score of 5.5 (MEDIUM). A vulnerability in the Linux kernel's tracing subsystem allows reading freed memory when trace events use specific format specifiers. This could lead to kernel crashes or information disclosure. All Linux systems using affected kernel versions with tracing enabled are potentially affected.

📋 TL;DR

A vulnerability in the Linux kernel's tracing subsystem allows reading freed memory when trace events use specific format specifiers. This could lead to kernel crashes or information disclosure. All Linux systems using affected kernel versions with tracing enabled are potentially affected.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not explicitly stated in CVE, but patches exist in stable kernel trees. Likely affects multiple recent kernel versions before fixes were backported.

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Requires tracing subsystem to be enabled and vulnerable format specifiers (%*p..) to be used in trace events. Many distributions disable detailed tracing by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, potential information disclosure from freed memory, or kernel memory corruption.

🟠

Likely Case

System instability or crashes when specific tracing events are triggered, particularly in debugging or monitoring scenarios.

🟢

If Mitigated

Minimal impact if tracing is disabled or the vulnerable format specifiers aren't used in custom trace events.

🌐 Internet-Facing: LOW - This requires local access or ability to trigger specific kernel tracing events.

🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger this vulnerability, leading to system instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering specific trace events with vulnerable format specifiers. Likely requires local access or ability to load kernel modules.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (commits referenced in CVE). Check your distribution's kernel updates.

Vendor Advisory: https://git.kernel.org/stable/c/03127354027508d076073b020d3070990fd6a958

Restart Required: Yes

Instructions:

1. Update to patched kernel version from your Linux distribution. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable tracing subsystem

linux

Disable kernel tracing features to prevent vulnerable code paths from being triggered

echo 0 > /sys/kernel/debug/tracing/tracing_on
echo 0 > /sys/kernel/debug/tracing/events/enable

🧯 If You Can't Patch

Disable all kernel tracing functionality
Restrict access to tracing interfaces to privileged users only

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if tracing is enabled: cat /proc/version && cat /sys/kernel/debug/tracing/tracing_on

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to include the fix commits, and test that tracing functionality works without crashes

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages
System crashes when tracing is active
dmesg errors related to tracing subsystem

Network Indicators:

None - this is a local kernel vulnerability

SIEM Query:

source="kernel" AND ("trace" OR "tracing") AND ("panic" OR "oops" OR "BUG")

📊 Metadata

CVE ID: CVE-2025-37938

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.03% exploit probability (6.7th percentile)

Published: May 20, 2025

Last Updated: December 19, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-37938, you might also want to check these: