CVE-2025-39813
published 2025-09-16CVE-2025-39813: In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling…
medium4.7CVSS 3.1
AVLACHPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
When calling ftrace_dump_one() concurrently with reading trace_pipe,
a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race
condition.
The issue occurs because:
CPU0 (ftrace_dump) CPU1 (reader)
echo z > /proc/sysrq-trigger
!trace_empty(&iter)
trace_iterator_reset(&iter) seq.len >= s->seq.size)
In the context between trace_empty() and trace_find_next_entry_inc()
during ftrace_dump, the ring buffer data was consumed by other readers.
This caused trace_find_next_entry_inc to return NULL, failing to populate
`iter.seq`. At this point, due to the prior trace_iterator_reset, both
`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,
the WARN_ON_ONCE condition is triggered.
Move the trace_printk_seq() into the if block that checks to make sure the
return value of trace_find_next_entry_inc() is non-NULL in
ftrace_dump_one(), ensuring the 'iter.seq' is properly populated before
subsequent operations.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= d769041f865330034131525ee6a7f72eb4af2a24 < f299353e7ccbcc5c2ed8993c48fbe7609cbe729a | f299353e7ccbcc5c2ed8993c48fbe7609cbe729a |
| linux | linux | >= d769041f865330034131525ee6a7f72eb4af2a24 < 5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85 | 5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85 |
| linux | linux | >= d769041f865330034131525ee6a7f72eb4af2a24 < a6f0f8873cc30fd4543b09adf03f7f51d293f0e6 | a6f0f8873cc30fd4543b09adf03f7f51d293f0e6 |
| linux | linux | >= d769041f865330034131525ee6a7f72eb4af2a24 < e80ff23ba8bdb0f41a1afe2657078e4097d13a9a | e80ff23ba8bdb0f41a1afe2657078e4097d13a9a |
| linux | linux | >= d769041f865330034131525ee6a7f72eb4af2a24 < 28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa | 28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa |
| linux | linux | >= d769041f865330034131525ee6a7f72eb4af2a24 < ced94e137e6cd5e79c65564841d3b7695d0f5fa3 | ced94e137e6cd5e79c65564841d3b7695d0f5fa3 |
| linux | linux | >= d769041f865330034131525ee6a7f72eb4af2a24 < fbd4cf7ee4db65ef36796769fe978e9eba6f0de4 | fbd4cf7ee4db65ef36796769fe978e9eba6f0de4 |
| linux | linux | >= d769041f865330034131525ee6a7f72eb4af2a24 < 4013aef2ced9b756a410f50d12df9ebe6a883e4a | 4013aef2ced9b756a410f50d12df9ebe6a883e4a |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.48-1 | 6.12.48-1 |
| linux | linux_kernel | >= 0 < 6.16.5-1 | 6.16.5-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-106.106 | 6.8.0-106.106 |
| linux | linux_kernel | >= 2.6.28 < 5.4.298 | 5.4.298 |
| linux | linux_kernel | >= 5.11 < 5.15.191 | 5.15.191 |
| linux | linux_kernel | >= 5.16 < 6.1.150 | 6.1.150 |
| linux | linux_kernel | >= 5.5 < 5.10.242 | 5.10.242 |
| linux | linux_kernel | >= 6.13 < 6.16.5 | 6.16.5 |
| linux | linux_kernel | >= 6.2 < 6.6.104 | 6.6.104 |
CVSS provenance
nvdv3.14.7MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM