{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "c7a60a733c373eed0094774c141bf2934237e7ff"
            },
            {
              "fixed": "300dedd9fe182d4c7424550d81cee595994486d1"
            },
            {
              "fixed": "327e28664307d49ce3fa71ba30dcc0007c270974"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38327.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfgraph: Do not enable function_graph tracer when setting funcgraph-args\n\nWhen setting the funcgraph-args option when function graph tracer is net\nenabled, it incorrectly enables it. Worse, it unregisters itself when it\nwas never registered. Then when it gets enabled again, it will register\nitself a second time causing a WARNing.\n\n ~# echo 1 \u003e /sys/kernel/tracing/options/funcgraph-args\n ~# head -20 /sys/kernel/tracing/trace\n # tracer: nop\n #\n # entries-in-buffer/entries-written: 813/26317372   #P:8\n #\n #                                _-----=\u003e irqs-off/BH-disabled\n #                               / _----=\u003e need-resched\n #                              | / _---=\u003e hardirq/softirq\n #                              || / _--=\u003e preempt-depth\n #                              ||| / _-=\u003e migrate-disable\n #                              |||| /     delay\n #           TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION\n #              | |         |   |||||     |         |\n           \u003cidle\u003e-0       [007] d..4.   358.966010:  7)   1.692 us    |          fetch_next_timer_interrupt(basej=4294981640, basem=357956000000, base_local=0xffff88823c3ae040, base_global=0xffff88823c3af300, tevt=0xffff888100e47cb8);\n           \u003cidle\u003e-0       [007] d..4.   358.966012:  7)               |          tmigr_cpu_deactivate(nextexp=357988000000) {\n           \u003cidle\u003e-0       [007] d..4.   358.966013:  7)               |            _raw_spin_lock(lock=0xffff88823c3b2320) {\n           \u003cidle\u003e-0       [007] d..4.   358.966014:  7)   0.981 us    |              preempt_count_add(val=1);\n           \u003cidle\u003e-0       [007] d..5.   358.966017:  7)   1.058 us    |              do_raw_spin_lock(lock=0xffff88823c3b2320);\n           \u003cidle\u003e-0       [007] d..4.   358.966019:  7)   5.824 us    |            }\n           \u003cidle\u003e-0       [007] d..5.   358.966021:  7)               |            tmigr_inactive_up(group=0xffff888100cb9000, child=0x0, data=0xffff888100e47bc0) {\n           \u003cidle\u003e-0       [007] d..5.   358.966022:  7)               |              tmigr_update_events(group=0xffff888100cb9000, child=0x0, data=0xffff888100e47bc0) {\n\nNotice the \"tracer: nop\" at the top there. The current tracer is the \"nop\"\ntracer, but the content is obviously the function graph tracer.\n\nEnabling function graph tracing will cause it to register again and\ntrigger a warning in the accounting:\n\n ~# echo function_graph \u003e /sys/kernel/tracing/current_tracer\n -bash: echo: write error: Device or resource busy\n\nWith the dmesg of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 7 PID: 1095 at kernel/trace/ftrace.c:3509 ftrace_startup_subops+0xc1e/0x1000\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 7 UID: 0 PID: 1095 Comm: bash Not tainted 6.16.0-rc2-test-00006-gea03de4105d3 #24 PREEMPT\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:ftrace_startup_subops+0xc1e/0x1000\n Code: 48 b8 22 01 00 00 00 00 ad de 49 89 84 24 88 01 00 00 8b 44 24 08 89 04 24 e9 c3 f7 ff ff c7 04 24 ed ff ff ff e9 b7 f7 ff ff \u003c0f\u003e 0b c7 04 24 f0 ff ff ff e9 a9 f7 ff ff c7 04 24 f4 ff ff ff e9\n RSP: 0018:ffff888133cff948 EFLAGS: 00010202\n RAX: 0000000000000001 RBX: 1ffff1102679ff31 RCX: 0000000000000000\n RDX: 1ffffffff0b27a60 RSI: ffffffff8593d2f0 RDI: ffffffff85941140\n RBP: 00000000000c2041 R08: ffffffffffffffff R09: ffffed1020240221\n R10: ffff88810120110f R11: ffffed1020240214 R12: ffffffff8593d2f0\n R13: ffffffff8593d300 R14: ffffffff85941140 R15: ffffffff85631100\n FS:  00007f7ec6f28740(0000) GS:ffff8882b5251000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f7ec6f181c0 CR3: 000000012f1d0005 CR4: 0000000000172ef0\n Call Trace:\n  \u003cTASK\u003e\n  ? __pfx_ftrace_startup_subops+0x10/0x10\n  ? find_held_lock+0x2b/0x80\n  ? ftrace_stub_direct_tramp+0x10/0x10\n  ? ftrace_stub_direct_tramp+0x10/0x10\n  ? trace_preempt_on+0xd0/0x110\n  ? __pfx_trace_graph_entry_args+0x10/\n---truncated---",
  "id": "CVE-2025-38327",
  "modified": "2026-04-01T23:08:00.573695693Z",
  "published": "2025-07-10T08:15:01.577Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/300dedd9fe182d4c7424550d81cee595994486d1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/327e28664307d49ce3fa71ba30dcc0007c270974"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38327.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38327"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.3",
  "summary": "fgraph: Do not enable function_graph tracer when setting funcgraph-args"
}