CVE-2025-39813
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race condition. The issue occurs because: CPU0 (ftrace_dump) CPU1 (reader) echo z > /proc/sysrq-trigger !trace_empty(&iter) trace_iterator_reset(&iter) <- len = size = 0 cat /sys/kernel/tracing/trace_pipe trace_find_next_entry_inc(&iter) __find_next_entry ring_buffer_empty_cpu <- all empty return NULL trace_printk_seq(&iter.seq) WARN_ON_ONCE(s->seq.len >= s->seq.size) In the context between trace_empty() and trace_find_next_entry_inc() during ftrace_dump, the ring buffer data was consumed by other readers. This caused trace_find_next_entry_inc to return NULL, failing to populate `iter.seq`. At this point, due to the prior trace_iterator_reset, both `iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal, the WARN_ON_ONCE condition is triggered. Move the trace_printk_seq() into the if block that checks to make sure the return value of trace_find_next_entry_inc() is non-NULL in ftrace_dump_one(), ensuring the 'iter.seq' is properly populated before subsequent operations.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-39813
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.1.153-1
linux linux_kernel 5.10.244-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a race condition in the Linux kernel's ftrace subsystem. When ftrace_dump_one() is called concurrently with reading from trace_pipe, a WARN_ON_ONCE() warning can be triggered in trace_printk_seq() due to the ring buffer data being consumed by other readers between certain function calls. This causes trace_find_next_entry_inc() to return NULL and leaves iter.seq.len and iter.seq.size both set to 0, triggering the warning. The fix involves moving the call to trace_printk_seq() inside a conditional block that ensures iter.seq is properly populated before use.

Impact Analysis

This vulnerability can cause a warning (WARN_ON_ONCE) to be triggered in the kernel, which may indicate instability or unexpected behavior in the ftrace subsystem during concurrent tracing operations. While it does not describe a direct security breach or data loss, such warnings can lead to kernel log clutter, potential performance issues, or debugging difficulties.

Detection Guidance

This vulnerability can be detected by monitoring the kernel logs for WARN_ON_ONCE() warnings related to trace_printk_seq during concurrent access to ftrace_dump and trace_pipe. You can check the kernel log using commands like 'dmesg | grep WARN' or 'journalctl -k | grep WARN' to identify such warnings.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the fix has been applied. The fix involves moving the trace_printk_seq() call inside the conditional block that ensures the trace_find_next_entry_inc() returns non-NULL, preventing the WARN_ON_ONCE() from triggering due to the race condition.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39813. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart