CVE-2025-38466
Published: Jul 25, 2025
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAP_SYS_ADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but due to variable instruction length cannot determine if this is an instruction as seen by the intended execution stream. Additionally, Mark Rutland notes that on architectures that mix data in the text segment (like arm64), a similar things can be done if the data word is 'mistaken' for an instruction. As such, require CAP_SYS_ADMIN for uprobes.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected c9e0924e5c2b59365f9c0d43ff8722e79ecf4088 - < d7ef1afd5b3f43f4924326164cee5397b66abd9caffected c9e0924e5c2b59365f9c0d43ff8722e79ecf4088 - < c0aec35f861fa746ca45aa816161c74352e6ada8affected c9e0924e5c2b59365f9c0d43ff8722e79ecf4088 - < 8e8bf7bc6aa6f583336c2fda280b6cea0aed5612affected c9e0924e5c2b59365f9c0d43ff8722e79ecf4088 - < 183bdb89af1b5193b1d1d9316986053b15ca6fa4affected c9e0924e5c2b59365f9c0d43ff8722e79ecf4088 - < a0a8009083e569b5526c64f7d3f2a62baca95164+2 more versions |
Linux | Linux | affected 5.8unaffected 0 - < 5.8unaffected 5.10.240 - <= 5.10.*unaffected 5.15.189 - <= 5.15.*unaffected 6.1.146 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now