CVE-2025-38466: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38466 is a security vulnerability discovered in the Linux kernel related to the perf subsystem's handling of uprobes. The vulnerability was disclosed on July 25, 2025, affecting various versions of the Linux kernel. The issue specifically concerns how uprobes can be used destructively when placed in the middle of an instruction (NVD).

The vulnerability stems from the kernel's verification process for uprobes. While the kernel verifies the presence of a valid instruction at the requested offset, it cannot determine if this is an instruction as seen by the intended execution stream due to variable instruction length. Additionally, on architectures that mix data in the text segment (like arm64), data words can be mistakenly interpreted as instructions. The vulnerability has been assigned a CVSS v3.1 score of 7.0 (High) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (RedHat).

The vulnerability affects multiple versions of Linux distributions, including Red Hat Enterprise Linux 8, 9, and 10, with their respective kernel and kernel-rt packages. The impact is considered high as it could potentially allow attackers with local access to execute destructive operations through malicious use of uprobes (RedHat).

The vulnerability has been addressed by reverting to requiring CAP_SYS_ADMIN privileges for uprobes usage. This change ensures that only privileged users with administrative capabilities can utilize uprobes, significantly reducing the attack surface (NVD).