CVE-2025-39813
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race condition.
The issue occurs because:
CPU0 (ftrace_dump) CPU1 (reader) echo z > /proc/sysrq-trigger
!trace_empty(&iter) trace_iterator_reset(&iter) <- len = size = 0 cat /sys/kernel/tracing/trace_pipe trace_find_next_entry_inc(&iter) __find_next_entry ring_buffer_empty_cpu <- all empty return NULL
trace_printk_seq(&iter.seq) WARN_ON_ONCE(s->seq.len >= s->seq.size)
In the context between trace_empty() and trace_find_next_entry_inc()
during ftrace_dump, the ring buffer data was consumed by other readers.
This caused trace_find_next_entry_inc to return NULL, failing to populate
iter.seq. At this point, due to the prior trace_iterator_reset, both
iter.seq.len and iter.seq.size were set to 0. Since they are equal,
the WARN_ON_ONCE condition is triggered.
Move the trace_printk_seq() into the if block that checks to make sure the return value of trace_find_next_entry_inc() is non-NULL in ftrace_dump_one(), ensuring the 'iter.seq' is properly populated before subsequent operations.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d769041f865330034131525ee6a7f72eb4af2a24 < f299353e7ccbcc5c2ed8993c48fbe7609cbe729a | affected |
| Linux | Linux | d769041f865330034131525ee6a7f72eb4af2a24 < 5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85 | affected |
| Linux | Linux | d769041f865330034131525ee6a7f72eb4af2a24 < a6f0f8873cc30fd4543b09adf03f7f51d293f0e6 | affected |
| Linux | Linux | d769041f865330034131525ee6a7f72eb4af2a24 < e80ff23ba8bdb0f41a1afe2657078e4097d13a9a | affected |
| Linux | Linux | d769041f865330034131525ee6a7f72eb4af2a24 < 28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa | affected |
| Linux | Linux | d769041f865330034131525ee6a7f72eb4af2a24 < ced94e137e6cd5e79c65564841d3b7695d0f5fa3 | affected |
| Linux | Linux | d769041f865330034131525ee6a7f72eb4af2a24 < fbd4cf7ee4db65ef36796769fe978e9eba6f0de4 | affected |
| Linux | Linux | d769041f865330034131525ee6a7f72eb4af2a24 < 4013aef2ced9b756a410f50d12df9ebe6a883e4a | affected |
| Linux | Linux | 2.6.28 | affected |
| Linux | Linux | 0 < 2.6.28 | unaffected |
| Linux | Linux | 5.4.298 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.242 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.191 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.150 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.104 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.45 <= 6.12.* | unaffected |
| Linux | Linux | 6.16.5 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Additional References
References
- https://git.kernel.org/stable/c/f299353e7ccbcc5c2ed8993c48fbe7609cbe729a
- https://git.kernel.org/stable/c/5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85
- https://git.kernel.org/stable/c/a6f0f8873cc30fd4543b09adf03f7f51d293f0e6
- https://git.kernel.org/stable/c/e80ff23ba8bdb0f41a1afe2657078e4097d13a9a
- https://git.kernel.org/stable/c/28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa
- https://git.kernel.org/stable/c/ced94e137e6cd5e79c65564841d3b7695d0f5fa3
- https://git.kernel.org/stable/c/fbd4cf7ee4db65ef36796769fe978e9eba6f0de4
- https://git.kernel.org/stable/c/4013aef2ced9b756a410f50d12df9ebe6a883e4a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.