CVE-2025-21840

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header<br /> <br /> The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY<br /> attribute to receive HFI events from kernel space, encounters a<br /> segmentation fault after commit 1773572863c4 ("thermal: netlink: Add the<br /> commands and the events for the thresholds").<br /> <br /> The issue arises because the THERMAL_GENL_ATTR_CPU_CAPABILITY raw value<br /> was changed while intel_lpmd still uses the old value.<br /> <br /> Although intel_lpmd can be updated to check the THERMAL_GENL_VERSION and<br /> use the appropriate THERMAL_GENL_ATTR_CPU_CAPABILITY value, the commit<br /> itself is questionable.<br /> <br /> The commit introduced a new element in the middle of enum thermal_genl_attr,<br /> which affects many existing attributes and introduces potential risks<br /> and unnecessary maintenance burdens for userspace thermal netlink event<br /> users.<br /> <br /> Solve the issue by moving the newly introduced<br /> THERMAL_GENL_ATTR_TZ_PREV_TEMP attribute to the end of the<br /> enum thermal_genl_attr. This ensures that all existing thermal generic<br /> netlink attributes remain unaffected.<br /> <br /> [ rjw: Subject edits ]