CVE-2025-38539
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/08/2025
Last modified:
07/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
tracing: Add down_write(trace_event_sem) when adding trace event<br />
<br />
When a module is loaded, it adds trace events defined by the module. It<br />
may also need to modify the modules trace printk formats to replace enum<br />
names with their values.<br />
<br />
If two modules are loaded at the same time, the adding of the event to the<br />
ftrace_events list can corrupt the walking of the list in the code that is<br />
modifying the printk format strings and crash the kernel.<br />
<br />
The addition of the event should take the trace_event_sem for write while<br />
it adds the new event.<br />
<br />
Also add a lockdep_assert_held() on that semaphore in<br />
__trace_add_event_dirs() as it iterates the list.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.31 (including) | 5.4.297 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.241 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.190 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.147 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.100 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.40 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.8 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/33e20747b47ddc03569b6bc27a2d6894c1428182
- https://git.kernel.org/stable/c/6bc94f20a4c304997288f9a45278c9d0c06987d3
- https://git.kernel.org/stable/c/70fecd519caad0c1741c3379d5348c9000a5b29d
- https://git.kernel.org/stable/c/7803b28c9aa8d8bd4e19ebcf5f0db9612b0f333b
- https://git.kernel.org/stable/c/b5e8acc14dcb314a9b61ff19dcd9fdd0d88f70df
- https://git.kernel.org/stable/c/ca60064ea03f14e06c763de018403cb56ba3207d
- https://git.kernel.org/stable/c/db45632479ceecb669612ed8dbce927e3c6279fc
- https://git.kernel.org/stable/c/e70f5ee4c8824736332351b703c46f9469ed7f6c
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html