{
  "affected": [
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:14",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.16.10-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "In the Linux kernel, the following vulnerability has been resolved:  tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit()  When configuring osnoise cpus via the write() syscall, the following KASAN splat may be observed:  BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at addr ffff88810121e3a1 by task test/447 CPU: 1 UID: 0 PID: 447 Comm: test Not tainted 6.17.0-rc6-dirty #288 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace:  \u003cTASK\u003e  dump_stack_lvl+0x55/0x70  print_report+0xcb/0x610  kasan_report+0xb8/0xf0  _parse_integer_limit+0x103/0x130  bitmap_parselist+0x16d/0x6f0  osnoise_cpus_write+0x116/0x2d0  vfs_write+0x21e/0xcc0  ksys_write+0xee/0x1c0  do_syscall_64+0xa8/0x2a0  entry_SYSCALL_64_after_hwframe+0x77/0x7f  \u003c/TASK\u003e  This issue can be reproduced by the code below:  const char *cpulist = \"1\"; int fd=open(\"/sys/kernel/debug/tracing/osnoise/cpus\", O_WRONLY); write(fd, cpulist, strlen(cpulist));  Function bitmap_parselist() was called to parse cpulist; it requires that the parameter 'buf' be terminated with a '\\0' or '\\n'. Fix this issue by adding a '\\0' to 'buf' in osnoise_cpus_write().",
  "id": "DEBIAN-CVE-2025-39974",
  "modified": "2026-04-28T19:48:10.042199369Z",
  "published": "2025-10-15T08:15:35.153Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://security-tracker.debian.org/tracker/CVE-2025-39974"
    }
  ],
  "upstream": [
    "CVE-2025-39974"
  ]
}