CVE-2025-39689

EPSS 0.02%
Veröffentlicht 05.09.2025 17:20:55
Zuletzt bearbeitet 12.05.2026 13:17:05
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ftrace: Also allocate and copy hash for reading of filter files

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Also allocate and copy hash for reading of filter files

Currently the reader of set_ftrace_filter and set_ftrace_notrace just adds
the pointer to the global tracer hash to its iterator. Unlike the writer
that allocates a copy of the hash, the reader keeps the pointer to the
filter hashes. This is problematic because this pointer is static across
function calls that release the locks that can update the global tracer
hashes. This can cause UAF and similar bugs.

Allocate and copy the hash for reading the filter files like it is done
for the writers. This not only fixes UAF bugs, but also makes the code a
bit simpler as it doesn't have to differentiate when to free the
iterator's hash between writers and readers.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

NVD 10 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.12 < 5.4.297

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.241

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.190

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.149

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.103

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.44

Linux ≫ Linux Kernel Version >= 6.13 < 6.16.4

Linux ≫ Linux Kernel Version6.17 Updaterc1

Linux ≫ Linux Kernel Version6.17 Updaterc2

Debian ≫ Debian Linux Version11.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/12064e1880fc9202be75ff668205b1703d92f74f

Patch

https://git.kernel.org/stable/c/c4cd93811e038d19f961985735ef7bb128078dfb

Patch

https://git.kernel.org/stable/c/e0b6b223167e1edde5c82edf38e393c06eda1f13

Patch

https://git.kernel.org/stable/c/a40c69f4f1ed96acbcd62e9b5ff3a596f0a91309

Patch

https://git.kernel.org/stable/c/3b114a3282ab1a12cb4618a8f45db5d7185e784a

Patch

https://git.kernel.org/stable/c/c591ba1acd081d4980713e47869dd1cc3d963d19

Patch