CVE-2025-39974

In the Linux kernel, the following vulnerability has been resolved:

tracing/osnoise: Fix slab-out-of-bounds in parseinteger_limit()

When config osnoise cpus by write() syscall, the following KASAN splat may be observed:

BUG: KASAN: slab-out-of-bounds in parseintegerlimit+0x103/0x130 Read of size 1 at addr ffff88810121e3a1 by task test/447 CPU: 1 UID: 0 PID: 447 Comm: test Not tainted 6.17.0-rc6-dirty #288 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> dumpstacklvl+0x55/0x70 printreport+0xcb/0x610 kasanreport+0xb8/0xf0 parseintegerlimit+0x103/0x130 bitmapparselist+0x16d/0x6f0 osnoisecpuswrite+0x116/0x2d0 vfswrite+0x21e/0xcc0 ksyswrite+0xee/0x1c0 dosyscall64+0xa8/0x2a0 entrySYSCALL64after_hwframe+0x77/0x7f </TASK>

This issue can be reproduced by below code:

const char *cpulist = "1"; int fd=open("/sys/kernel/debug/tracing/osnoise/cpus", O_WRONLY); write(fd, cpulist, strlen(cpulist));

Function bitmapparselist() was called to parse cpulist, it require that the parameter 'buf' must be terminated with a '\0' or '\n'. Fix this issue by adding a '\0' to 'buf' in osnoisecpus_write().