{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38327","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.004Z","datePublished":"2025-07-10T08:15:01.577Z","dateUpdated":"2026-05-11T21:25:50.528Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:25:50.528Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfgraph: Do not enable function_graph tracer when setting funcgraph-args\n\nWhen setting the funcgraph-args option when function graph tracer is net\nenabled, it incorrectly enables it. Worse, it unregisters itself when it\nwas never registered. Then when it gets enabled again, it will register\nitself a second time causing a WARNing.\n\n ~# echo 1 > /sys/kernel/tracing/options/funcgraph-args\n ~# head -20 /sys/kernel/tracing/trace\n # tracer: nop\n #\n # entries-in-buffer/entries-written: 813/26317372 #P:8\n #\n # _-----=> irqs-off/BH-disabled\n # / _----=> need-resched\n # | / _---=> hardirq/softirq\n # || / _--=> preempt-depth\n # ||| / _-=> migrate-disable\n # |||| / delay\n # TASK-PID CPU# ||||| TIMESTAMP FUNCTION\n # | | | ||||| | |\n -0 [007] d..4. 358.966010: 7) 1.692 us | fetch_next_timer_interrupt(basej=4294981640, basem=357956000000, base_local=0xffff88823c3ae040, base_global=0xffff88823c3af300, tevt=0xffff888100e47cb8);\n -0 [007] d..4. 358.966012: 7) | tmigr_cpu_deactivate(nextexp=357988000000) {\n -0 [007] d..4. 358.966013: 7) | _raw_spin_lock(lock=0xffff88823c3b2320) {\n -0 [007] d..4. 358.966014: 7) 0.981 us | preempt_count_add(val=1);\n -0 [007] d..5. 358.966017: 7) 1.058 us | do_raw_spin_lock(lock=0xffff88823c3b2320);\n -0 [007] d..4. 358.966019: 7) 5.824 us | }\n -0 [007] d..5. 358.966021: 7) | tmigr_inactive_up(group=0xffff888100cb9000, child=0x0, data=0xffff888100e47bc0) {\n -0 [007] d..5. 358.966022: 7) | tmigr_update_events(group=0xffff888100cb9000, child=0x0, data=0xffff888100e47bc0) {\n\nNotice the \"tracer: nop\" at the top there. The current tracer is the \"nop\"\ntracer, but the content is obviously the function graph tracer.\n\nEnabling function graph tracing will cause it to register again and\ntrigger a warning in the accounting:\n\n ~# echo function_graph > /sys/kernel/tracing/current_tracer\n -bash: echo: write error: Device or resource busy\n\nWith the dmesg of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 7 PID: 1095 at kernel/trace/ftrace.c:3509 ftrace_startup_subops+0xc1e/0x1000\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 7 UID: 0 PID: 1095 Comm: bash Not tainted 6.16.0-rc2-test-00006-gea03de4105d3 #24 PREEMPT\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:ftrace_startup_subops+0xc1e/0x1000\n Code: 48 b8 22 01 00 00 00 00 ad de 49 89 84 24 88 01 00 00 8b 44 24 08 89 04 24 e9 c3 f7 ff ff c7 04 24 ed ff ff ff e9 b7 f7 ff ff <0f> 0b c7 04 24 f0 ff ff ff e9 a9 f7 ff ff c7 04 24 f4 ff ff ff e9\n RSP: 0018:ffff888133cff948 EFLAGS: 00010202\n RAX: 0000000000000001 RBX: 1ffff1102679ff31 RCX: 0000000000000000\n RDX: 1ffffffff0b27a60 RSI: ffffffff8593d2f0 RDI: ffffffff85941140\n RBP: 00000000000c2041 R08: ffffffffffffffff R09: ffffed1020240221\n R10: ffff88810120110f R11: ffffed1020240214 R12: ffffffff8593d2f0\n R13: ffffffff8593d300 R14: ffffffff85941140 R15: ffffffff85631100\n FS: 00007f7ec6f28740(0000) GS:ffff8882b5251000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f7ec6f181c0 CR3: 000000012f1d0005 CR4: 0000000000172ef0\n Call Trace:\n \n ? __pfx_ftrace_startup_subops+0x10/0x10\n ? find_held_lock+0x2b/0x80\n ? ftrace_stub_direct_tramp+0x10/0x10\n ? ftrace_stub_direct_tramp+0x10/0x10\n ? trace_preempt_on+0xd0/0x110\n ? __pfx_trace_graph_entry_args+0x10/\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/trace_functions_graph.c"],"versions":[{"version":"c7a60a733c373eed0094774c141bf2934237e7ff","lessThan":"300dedd9fe182d4c7424550d81cee595994486d1","status":"affected","versionType":"git"},{"version":"c7a60a733c373eed0094774c141bf2934237e7ff","lessThan":"327e28664307d49ce3fa71ba30dcc0007c270974","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/trace_functions_graph.c"],"versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","status":"unaffected","versionType":"semver"},{"version":"6.15.4","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.15.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/300dedd9fe182d4c7424550d81cee595994486d1"},{"url":"https://git.kernel.org/stable/c/327e28664307d49ce3fa71ba30dcc0007c270974"}],"title":"fgraph: Do not enable function_graph tracer when setting funcgraph-args","x_generator":{"engine":"bippy-1.2.0"}}}}