CVE-2025-38346

HIGHNVD 7.87.8
EchelonGraph scoreMEDIUM confidence

Score 7.8 from GitHub Security Advisory (severity: HIGH) published 2025-07-10. NVD baseline CVSS 7.8; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, nvd
7.8
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 0%CVSS: 7.8Exploit: NoneExposed: 0

A fix is available — apply it.

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Fix UAF when lookup kallsym after ftrace disabled

The following issue happens with a buggy module:

BUG: unable to handle page fault for address: ffffffffc05d0218 PGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE 0 Oops: Oops: 0000 [#1] SMP KASAN PTI Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS RIP: 0010:sized_strscpy+0x81/0x2f0 RSP: 0018:ffff88812d76fa08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffffffc0601010 RCX: dffffc0000000000 RDX: 0000000000000038 RSI: dffffc0000000000 RDI: ffff88812608da2d RBP: 8080808080808080 R08: ffff88812608da2d R09: ffff88812608da68 R10: ffff88812608d82d R11: ffff88812608d810 R12: 0000000000000038 R13: ffff88812608da2d R14: ffffffffc05d0218 R15: fefefefefefefeff FS: 00007fef552de740(0000) GS:ffff8884251c7000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffc05d0218 CR3: 00000001146f0000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ftrace_mod_get_kallsym+0x1ac/0x590 update_iter_mod+0x239/0x5b0 s_next+0x5b/0xa0 seq_read_iter+0x8c9/0x1070 seq_read+0x249/0x3b0 proc_reg_read+0x1b0/0x280 vfs_read+0x17f/0x920 ksys_read+0xf3/0x1c0 do_syscall_64+0x5f/0x2e0 entry_SYSCALL_64_after_hwframe+0x76/0x7e

The above issue may happen as follows: (1) Add kprobe tracepoint; (2) insmod test.ko; (3) Module triggers ftrace disabled; (4) rmmod test.ko; (5) cat /proc/kallsyms; --> Will trigger UAF as test.ko already removed; ftrace_mod_get_kallsym() ... strscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN); ...

The problem is when a module triggers an issue with ftrace and sets ftrace_disable. The ftrace_disable is set when an anomaly is discovered and to prevent any more damage, ftrace stops all text modification. The issue that happened was that the ftrace_disable stops more than just the text modification.

When a module is loaded, its init functions can also be traced. Because kallsyms deletes the init functions after a module has loaded, ftrace saves them when the module is loaded and function tracing is enabled. This allows the output of the function trace to show the init function names instead of just their raw memory addresses.

When a module is removed, ftrace_release_mod() is called, and if ftrace_disable is set, it just returns without doing anything more. The problem here is that it leaves the mod_list still around and if kallsyms is called, it will call into this code and access the module memory that has already been freed as it will return:

strscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN);

Where the "mod" no longer exists and triggers a UAF bug.

CVSS v3
7.8
EG Score
7.8(medium)
EPSS
6.4%
KEV
Not listed

Published

July 10, 2025

Last Modified

December 16, 2025

Vendor Advisories for CVE-2025-38346(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Patch Availability(30)

Vendor / EcosystemFixed in / PatchReleasedSource
ubuntulinux-tools-azure-fips-5.15 (5.15.0.1096.81) @ jammy2026-05-30ubuntu
ubuntulinux-tools-gcp-fips-5.15 (5.15.0.1092.82) @ jammy2026-05-30ubuntu
ubuntulinux-tools-realtime-5.15 (5.15.0.1092.96) @ jammy2026-05-30ubuntu
ubuntulinux-virtual-hwe-20.04-edge (5.15.0.156.166~20.04.1) @ focal2026-05-30ubuntu
ubuntulinux-tools-azure-edge (5.15.0.1096.105~20.04.1) @ focal2026-05-30ubuntu
ubuntulinux-tools-kvm-5.15 (5.15.0.1088.84) @ jammy2026-05-30ubuntu
ubuntulinux-tools-azure-lts-22.04 (5.15.0.1096.94) @ jammy2026-05-30ubuntu
ubuntulinux-tools-nvidia-tegra-igx-rt-5.15 (5.15.0.1034.36) @ jammy2026-05-30ubuntu
ubuntulinux-virtual-hwe-24.04-edge (6.14.0-34.34) @ plucky2026-05-30ubuntu
ubuntulinux-tools-azure-nvidia-edge (6.14.0-1007.7) @ noble2026-05-30ubuntu
ubuntulinux-virtual-hwe-24.04-edge (6.14.0-34.34~24.04.1) @ noble2026-05-30ubuntu
ubuntulinux-tools-gcp-edge (6.14.0-1018.19~24.04.1) @ noble2026-05-30ubuntu
ubuntulinux-tools-aws-edge (6.14.0-1015.15~24.04.1) @ noble2026-05-30ubuntu
ubuntulinux-tools-realtime-hwe-24.04-edge (6.14.0-1014.14~24.04.1) @ noble2026-05-30ubuntu
ubuntulinux-virtual-6.8 (6.8.0-100.100) @ noble2026-05-30ubuntu
ubuntulinux-tools-realtime-hwe-22.04 (6.8.1-1041.42~22.04.1) @ jammy2026-05-30ubuntu
ubuntulinux-tools-gcp-edge (6.8.0-1047.50~22.04.2) @ jammy2026-05-30ubuntu
ubuntulinux-tools-realtime-6.8.1 (6.8.1-1041.42) @ noble2026-05-30ubuntu
ubuntulinux-tools-fips-6.8 (6.8.0-100.100+fips1) @ noble2026-05-30ubuntu
ubuntulinux-tools-oracle-lts-24.04 (6.8.0-1043.44) @ noble2026-05-30ubuntu
ubuntulinux-tools-gcp-fips-6.8 (6.8.0-1047.50+fips1) @ noble2026-05-30ubuntu
ubuntulinux-tools-nvidia-lowlatency-64k-6.8 (6.8.0-1046.49.1) @ noble2026-05-30ubuntu
ubuntulinux-virtual-hwe-22.04-edge (6.8.0-100.100~22.04.1) @ jammy2026-05-30ubuntu
ubuntulinux-tools-gke-64k-6.8 (6.8.0-1043.48) @ noble2026-05-30ubuntu
ubuntulinux-tools-lowlatency-hwe-20.04-edge (6.8.0-100.100.1) @ noble2026-05-30ubuntu
ubuntulinux-xilinx-zynqmp (6.8.0.1023.24) @ noble2026-05-30ubuntu
ubuntulinux-tools-ibm-lts-24.04 (6.8.0-1044.44) @ noble2026-05-30ubuntu
ubuntulinux-tools-azure-lts-24.04 (6.8.0-1046.52) @ noble2026-05-30ubuntu
ubuntulinux-tools-azure-fips-6.8 (6.8.0-1046.52+fips1) @ noble2026-05-30ubuntu
redhatkernel-0:6.12.0-211.7.1.el10_22026-05-19redhat

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

Additional Vendor Advisories

(24)

Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.

Data Freshness Timeline

(refreshed 12× in last 7d / 51× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-15 16:57 UTCEPSS rescore
  2. 2026-07-15 16:57 UTCEPSS rescore
  3. 2026-07-15 01:59 UTCEPSS rescore
  4. 2026-07-15 01:59 UTCEPSS rescore
  5. 2026-07-13 22:29 UTCEPSS rescore
  6. 2026-07-13 22:29 UTCEPSS rescore
  7. 2026-07-13 06:12 UTCEPSS rescore
  8. 2026-07-12 05:46 UTCEPSS rescore
  9. 2026-07-11 08:27 UTCEPSS rescore
  10. 2026-07-11 08:27 UTCEPSS rescore
  11. 2026-07-09 19:09 UTCEPSS rescore
  12. 2026-07-09 19:09 UTCEPSS rescore
  13. 2026-07-07 13:45 UTCEPSS rescore
  14. 2026-07-06 19:19 UTCOSV refresh
  15. 2026-07-06 16:27 UTCEPSS rescore
  16. 2026-07-06 16:27 UTCEPSS rescore
  17. 2026-07-06 02:23 UTCEPSS rescore
  18. 2026-07-05 02:30 UTCEPSS rescore
  19. 2026-07-04 06:30 UTCEPSS rescore
  20. 2026-07-01 15:06 UTCEPSS rescore
  21. 2026-07-01 15:06 UTCEPSS rescore
  22. 2026-06-30 23:22 UTCEPSS rescore
  23. 2026-06-30 23:22 UTCEPSS rescore
  24. 2026-06-29 14:06 UTCEPSS rescore
  25. 2026-06-29 14:06 UTCEPSS rescore
Show 53 more
  1. 2026-06-28 14:07 UTCEPSS rescore
  2. 2026-06-28 14:07 UTCEPSS rescore
  3. 2026-06-28 04:55 UTCEPSS rescore
  4. 2026-06-28 04:55 UTCEPSS rescore
  5. 2026-06-27 03:08 UTCEPSS rescore
  6. 2026-06-27 03:08 UTCEPSS rescore
  7. 2026-06-25 13:49 UTCEPSS rescore
  8. 2026-06-25 13:49 UTCEPSS rescore
  9. 2026-06-24 14:04 UTCEPSS rescore
  10. 2026-06-24 14:04 UTCEPSS rescore
  11. 2026-06-23 21:32 UTCEPSS rescore
  12. 2026-06-23 21:32 UTCEPSS rescore
  13. 2026-06-22 14:25 UTCEPSS rescore
  14. 2026-06-22 14:25 UTCEPSS rescore
  15. 2026-06-21 14:56 UTCEPSS rescore
  16. 2026-06-21 14:56 UTCEPSS rescore
  17. 2026-06-21 01:59 UTCEPSS rescore
  18. 2026-06-21 01:59 UTCEPSS rescore
  19. 2026-06-19 19:25 UTCEPSS rescore
  20. 2026-06-19 19:25 UTCEPSS rescore
  21. 2026-06-18 17:52 UTCEPSS rescore
  22. 2026-06-18 17:52 UTCEPSS rescore
  23. 2026-06-18 07:43 UTCOSV refresh
  24. 2026-06-17 17:52 UTCEPSS rescore
  25. 2026-06-16 17:52 UTCEPSS rescore
  26. 2026-06-16 17:52 UTCEPSS rescore
  27. 2026-06-14 23:17 UTCEPSS rescore
  28. 2026-06-13 23:00 UTCEPSS rescore
  29. 2026-06-12 23:11 UTCEPSS rescore
  30. 2026-06-11 14:00 UTCEPSS rescore
  31. 2026-06-10 22:18 UTCEPSS rescore
  32. 2026-06-10 13:22 UTCEPSS rescore
  33. 2026-06-08 14:16 UTCEPSS rescore
  34. 2026-06-08 14:16 UTCEPSS rescore
  35. 2026-06-07 15:24 UTCEPSS rescore
  36. 2026-06-06 13:47 UTCEPSS rescore
  37. 2026-06-06 13:47 UTCEPSS rescore
  38. 2026-06-05 22:46 UTCEPSS rescore
  39. 2026-06-05 22:46 UTCEPSS rescore
  40. 2026-06-05 06:10 UTCEPSS rescore
  41. 2026-06-05 06:10 UTCEPSS rescore
  42. 2026-06-04 13:12 UTCEPSS rescore
  43. 2026-06-04 13:12 UTCEPSS rescore
  44. 2026-06-02 20:12 UTCEPSS rescore
  45. 2026-06-01 13:51 UTCEPSS rescore
  46. 2026-06-01 13:51 UTCEPSS rescore
  47. 2026-05-31 22:30 UTCEPSS rescore
  48. 2026-05-31 22:30 UTCEPSS rescore
  49. 2026-05-31 00:16 UTCEPSS rescore
  50. 2026-05-30 02:05 UTCEG score recompute
  51. 2026-05-30 02:05 UTCVendor advisory
  52. 2026-05-30 02:05 UTCGHSA enrichment
  53. 2026-05-29 13:44 UTCEPSS rescore

Frequently asked(5)

What is CVE-2025-38346?
CVE-2025-38346 is a high vulnerability published on July 10, 2025. In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix UAF when lookup kallsym after ftrace disabled The following issue happens with a buggy module: BUG: unable to handle page fault for address: ffffffffc05d0218 PGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE 0…
When was CVE-2025-38346 disclosed?
CVE-2025-38346 was first published in the National Vulnerability Database on July 10, 2025, with the most recent update on December 16, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2025-38346 actively exploited?
CVE-2025-38346 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 6.4% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2025-38346?
CVE-2025-38346 has a CVSS v3 base score of 7.8 (NVD).
How do I remediate CVE-2025-38346?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2025-38346, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2025-38346

Explore →

Is Your Infrastructure Affected by CVE-2025-38346?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.