CVE-2025-38493: 
Linux Kernel vulnerability analysis and mitigation

A buffer overflow vulnerability was discovered in the Linux kernel's tracing/osnoise subsystem, specifically in the timerlatdumpstack() function. The vulnerability was disclosed on July 28, 2025, and affects Linux kernel version 6.15.3-200.fc42.x86_64 and potentially other versions (NVD).

The vulnerability occurs in the _timerlatdumpstack() function where it constructs the ftrace stack entry incorrectly. The issue stems from a memcpy operation where entry->size contains garbage from the ringbuffer, which under certain circumstances can be zero, leading to a buffer overflow condition. The problem was introduced after commit e7186af7fb26 which added FORTIFYSOURCE logic to kernel_stack event structure (NVD).

When exploited, this vulnerability can trigger kernel panics when using timerlat with stack saving, potentially leading to system crashes and denial of service conditions. The issue manifests as a buffer overflow with an 88-byte write attempt on a buffer of size 0 (NVD).

The fix involves populating the size field before the memcpy operation so that the out-of-bounds check knows the correct size. This approach is similar to the implementation in _ftracetrace_stack(). The vulnerability has been fixed in some distributions, with Debian Bullseye and Bookworm already having patches applied (Debian Tracker).