CVE-2025-39974

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit()<br /> <br /> When config osnoise cpus by write() syscall, the following KASAN splat may<br /> be observed:<br /> <br /> BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130<br /> Read of size 1 at addr ffff88810121e3a1 by task test/447<br /> CPU: 1 UID: 0 PID: 447 Comm: test Not tainted 6.17.0-rc6-dirty #288 PREEMPT(voluntary)<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x55/0x70<br /> print_report+0xcb/0x610<br /> kasan_report+0xb8/0xf0<br /> _parse_integer_limit+0x103/0x130<br /> bitmap_parselist+0x16d/0x6f0<br /> osnoise_cpus_write+0x116/0x2d0<br /> vfs_write+0x21e/0xcc0<br /> ksys_write+0xee/0x1c0<br /> do_syscall_64+0xa8/0x2a0<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> <br /> <br /> This issue can be reproduced by below code:<br /> <br /> const char *cpulist = "1";<br /> int fd=open("/sys/kernel/debug/tracing/osnoise/cpus", O_WRONLY);<br /> write(fd, cpulist, strlen(cpulist));<br /> <br /> Function bitmap_parselist() was called to parse cpulist, it require that<br /> the parameter &amp;#39;buf&amp;#39; must be terminated with a &amp;#39;\0&amp;#39; or &amp;#39;\n&amp;#39;. Fix this issue<br /> by adding a &amp;#39;\0&amp;#39; to &amp;#39;buf&amp;#39; in osnoise_cpus_write().