CVE-2025-39829
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

trace/fgraph: Fix the warning caused by missing unregister notifier

This warning was triggered during testing on v6.16:

    notifier callback ftrace_suspend_notifier_call already registered
    WARNING: CPU: 2 PID: 86 at kernel/notifier.c:23 notifier_chain_register+0x44/0xb0
    ...
    Call Trace:
     <TASK>
     blocking_notifier_chain_register+0x34/0x60
     register_ftrace_graph+0x330/0x410
     ftrace_profile_write+0x1e9/0x340
     vfs_write+0xf8/0x420
     ? filp_flush+0x8a/0xa0
     ? filp_close+0x1f/0x30
     ? do_dup2+0xaf/0x160
     ksys_write+0x65/0xe0
     do_syscall_64+0xa4/0x260
     entry_SYSCALL_64_after_hwframe+0x77/0x7f

When writing to the function_profile_enabled interface, the notifier was not unregistered after start_graph_tracing failed, causing a warning the next time function_profile_enabled was written.

Fixed by adding unregister_pm_notifier in the exception path.

Meta Information

Published: 2025-09-16
Last Modified: 2025-12-02
Generated: 2026-06-16
AI Q&A: 2025-09-16
EPSS Evaluated: 2026-06-15

Affected Vendors & Products

Showing 4 associated CPEs

Vendor  Product       Version / Range
linux   linux_kernel  From 2.6.30 (inc) to 6.12.45 (exc)
linux   linux_kernel  From 6.13 (inc) to 6.16.5 (exc)
linux   linux_kernel  6.17
linux   linux_kernel  6.17

CWE ID Description
CWE-NVD-CWE-noinfo
Executive Summary

This vulnerability in the Linux kernel involves a missing unregister notifier in the trace/fgraph component. Specifically, when writing to the function_profile_enabled interface, if start_graph_tracing fails, the notifier is not unregistered properly. This causes a warning to appear the next time function_profile_enabled is written, indicating that the notifier callback was already registered. The issue was fixed by adding an unregister_pm_notifier call in the exception path to ensure proper cleanup.
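
The register-then-fail sequence described above, as an added user-space model that is not kernel source and not part of the original page. The chain, `model_register_graph` and its `start_fails`/`fixed` parameters are hypothetical stand-ins for the PM notifier chain, the registration path and the outcome of start_graph_tracing.

```c
/* Simplified user-space model of the error path; not kernel source. */
#include <stdio.h>

struct notifier { struct notifier *next; };
static struct notifier *pm_chain;   /* stands in for the PM notifier chain */
static struct notifier suspend_nb;  /* stands in for the ftrace suspend notifier */

/* Refuse duplicates, as the kernel's chain registration does with a WARNING. */
static int chain_register(struct notifier *nb) {
    for (struct notifier *p = pm_chain; p; p = p->next)
        if (p == nb)
            return -1;              /* "already registered" */
    nb->next = pm_chain;
    pm_chain = nb;
    return 0;
}

static void chain_unregister(struct notifier *nb) {
    for (struct notifier **pp = &pm_chain; *pp; pp = &(*pp)->next)
        if (*pp == nb) { *pp = nb->next; return; }
}

/* Hypothetical model of the register path: notifier first, then start tracing. */
static int model_register_graph(int start_fails, int fixed, int *warnings) {
    if (chain_register(&suspend_nb) != 0)
        (*warnings)++;              /* duplicate registration detected */
    if (start_fails) {
        if (fixed)
            chain_unregister(&suspend_nb);  /* the cleanup the fix adds */
        return -1;
    }
    return 0;
}

/* One failed write followed by a retry; returns how many warnings fired. */
int warnings_after_failed_start(int fixed) {
    int warnings = 0;
    pm_chain = NULL;                /* start each scenario from an empty chain */
    model_register_graph(1, fixed, &warnings);  /* first write: start fails */
    model_register_graph(0, fixed, &warnings);  /* second write: retry */
    return warnings;
}

int main(void) {
    printf("unfixed: %d warning(s)\n", warnings_after_failed_start(0));
    printf("fixed:   %d warning(s)\n", warnings_after_failed_start(1));
    return 0;
}
```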

Impact Analysis

The vulnerability causes a warning in the kernel related to notifier callback registration, which may indicate improper resource handling or potential instability during tracing operations. While it does not describe a direct security exploit, such warnings can lead to unexpected behavior or system instability during function profiling or tracing activities.

Detection Guidance

This vulnerability manifests as a warning in the Linux kernel logs related to the notifier callback being already registered. To detect it, you can check the kernel log messages for warnings like: 'notifier callback ftrace_suspend_notifier_call already registered'. You can use the following command to find such warnings:

    dmesg | grep 'notifier callback ftrace_suspend_notifier_call already registered'

Mitigation Strategies

The vulnerability was fixed by adding unregister_pm_notifier in the exception path to ensure the notifier is properly unregistered after a failure. Immediate mitigation involves updating the Linux kernel to a version that includes this fix (post v6.16). Until then, monitoring for the warning and avoiding repeated writes to the function_profile_enabled interface without proper cleanup may help reduce the issue.
