| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025102403-CVE-2025-40021-fbe1@gregkh> Date: Fri, 24 Oct 2025 14:25:04 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: tracing: dynevent: Add a missing lockdown check on dynevent Since dynamic_events interface on tracefs is compatible with kprobe_events and uprobe_events, it should also check the lockdown status and reject if it is set. The Linux kernel CVE team has assigned CVE-2025-40021 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4 with commit 17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 and fixed in 5.10.245 with commit f3ac1f4eaba58e57943efa3e8b8d71fa7aab0abf Issue introduced in 5.4 with commit 17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 and fixed in 5.15.194 with commit 0d41604d2d53c1abe27fefb54b37a8f6642a4d74 Issue introduced in 5.4 with commit 17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 and fixed in 6.1.155 with commit 07b1f63b5f86765793fab44d3d4c2be681cddafb Issue introduced in 5.4 with commit 17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 and fixed in 6.6.109 with commit 3887f3814c0e770e6b73567fe0f83a2c01a6470c Issue introduced in 5.4 with commit 17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 and fixed in 6.12.50 with commit 573b1e39edfcb7b4eecde0f1664455a1f4462eee Issue introduced in 5.4 with commit 17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 and fixed in 6.16.10 with commit b47c4e06687a5a7b6c6ef4bd303fcfe4430b26bb Issue introduced in 5.4 with commit 17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 and fixed in 6.17 with commit 456c32e3c4316654f95f9d49c12cbecfb77d5660 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40021 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/trace/trace_dynevent.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/f3ac1f4eaba58e57943efa3e8b8d71fa7aab0abf https://git.kernel.org/stable/c/0d41604d2d53c1abe27fefb54b37a8f6642a4d74 https://git.kernel.org/stable/c/07b1f63b5f86765793fab44d3d4c2be681cddafb https://git.kernel.org/stable/c/3887f3814c0e770e6b73567fe0f83a2c01a6470c https://git.kernel.org/stable/c/573b1e39edfcb7b4eecde0f1664455a1f4462eee https://git.kernel.org/stable/c/b47c4e06687a5a7b6c6ef4bd303fcfe4430b26bb https://git.kernel.org/stable/c/456c32e3c4316654f95f9d49c12cbecfb77d5660
Powered by blists - more mailing lists