Wind River Support Network

Fixed

LIN1024-10650 : Security Advisory - linux - CVE-2025-38466

Created: Jul 28, 2025    Updated: Aug 10, 2025
Resolved Date: Aug 10, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

perf: Revert to requiring CAP_SYS_ADMIN for uprobes

Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but due to variable instruction length cannot determine if this is an instruction as seen by the intended execution stream.

Additionally, Mark Rutland notes that on architectures that mix data in the text segment (like arm64), a similar thing can be done if the data word is 'mistaken' for an instruction.

As such, require CAP_SYS_ADMIN for uprobes.
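The gap the description refers to, shown as an added example that is not part of the advisory or the kernel source: an offset can hold a decodable instruction without being an instruction boundary of the stream decoded from the entry point. The decoder `insn_len`, the helpers `valid_at` and `on_boundary`, and the byte sequence `sample` are hypothetical and constructed for illustration; the decoder covers only a few one-byte x86-64 opcodes.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy length decoder for a handful of one-byte x86-64 opcodes (assumption:
 * enough for the constructed sample; a real decoder covers far more).
 * Returns the instruction length, or 0 if the opcode is not recognised. */
static size_t insn_len(unsigned char op)
{
    if (op == 0x90 || op == 0xc3 || op == 0xcc) return 1; /* nop, ret, int3 */
    if (op >= 0x50 && op <= 0x5f) return 1;               /* push/pop reg */
    if (op == 0xeb) return 2;                             /* jmp rel8 */
    if (op >= 0xb8 && op <= 0xbf) return 5;               /* mov r32, imm32 */
    if (op == 0xe8 || op == 0xe9) return 5;               /* call/jmp rel32 */
    return 0;
}

/* The check described in the advisory: is there a decodable instruction at off? */
int valid_at(const unsigned char *code, size_t n, size_t off)
{
    size_t l;
    if (off >= n) return 0;
    l = insn_len(code[off]);
    return l != 0 && l <= n - off;
}

/* The property that check cannot establish: does off start an instruction
 * in the stream as decoded from the entry point (offset 0)? */
int on_boundary(const unsigned char *code, size_t n, size_t off)
{
    size_t pos = 0;
    while (pos < n && pos < off) {
        size_t l = insn_len(code[pos]);
        if (l == 0 || l > n - pos) return 0;  /* sweep lost sync */
        pos += l;
    }
    return pos == off && valid_at(code, n, off);
}

/* Constructed sample: push rbp; mov eax, 0xc3909090; ret */
const unsigned char sample[] = { 0x55, 0xb8, 0x90, 0x90, 0x90, 0xc3, 0xc3 };

int main(void)
{
    for (size_t off = 0; off < sizeof sample; off++)
        printf("offset %zu: valid=%d boundary=%d\n", off,
               valid_at(sample, sizeof sample, off),
               on_boundary(sample, sizeof sample, off));
    return 0;
}
```

Offsets 2 through 5 fall inside the immediate of the `mov`, yet each byte there decodes as a valid one-byte instruction, which is why a validity check at the requested offset alone cannot tell the two cases apart.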

CREATE(Triage):(User=admin) CVE-2025-38466 (https://nvd.nist.gov/vuln/detail/CVE-2025-38466)
