CVE-2025-68370: Buffer Oops in Kernel Coresight TMC Event Handling
CVE-2025-68370 Published on December 24, 2025
coresight: tmc: add the handle of the event to the path
In the Linux kernel, the following vulnerability has been resolved:
coresight: tmc: add the handle of the event to the path
The handle is essential for retrieving the AUX_EVENT of each CPU and is
required in perf mode. It has been added to the coresight_path so that
dependent devices can access it from the path when needed.
The existing bug can be reproduced with:
perf record -e cs_etm//k -C 0-9 dd if=/dev/zero of=/dev/null
Showing an oops as follows:
Unable to handle kernel paging request at virtual address 000f6e84934ed19e
Call trace:
tmc_etr_get_buffer+0x30/0x80 [coresight_tmc] (P)
catu_enable_hw+0xbc/0x3d0 [coresight_catu]
catu_enable+0x70/0xe0 [coresight_catu]
coresight_enable_path+0xb0/0x258 [coresight]
Products Associated with CVE-2025-68370
stack.watch emails you whenever new vulnerabilities are published in Linux Kernel or Linux Kernel. Just hit a watch button to start following.
Affected Versions
Linux:- Version 080ee83cc361451a7de7b5486c7f96ce454f7203 and below faa8f38f7ccb344ace2c1f364efc70e3a12d32f3 is affected.
- Version 080ee83cc361451a7de7b5486c7f96ce454f7203 and below d0c9effd82f2c19b92acd07d357fac5f392d549a is affected.
- Version 080ee83cc361451a7de7b5486c7f96ce454f7203 and below aaa5abcc9d44d2c8484f779ab46d242d774cabcb is affected.
- Version 6.15 is affected.
- Before 6.15 is unaffected.
- Version 6.17.13, <= 6.17.* is unaffected.
- Version 6.18.2, <= 6.18.* is unaffected.
- Version 6.19, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.