CVE-2025-40355

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> sysfs: check visibility before changing group attribute ownership<br /> <br /> Since commit 0c17270f9b92 ("net: sysfs: Implement is_visible for<br /> phys_(port_id, port_name, switch_id)"), __dev_change_net_namespace() can<br /> hit WARN_ON() when trying to change owner of a file that isn&amp;#39;t visible.<br /> See the trace below:<br /> <br /> WARNING: CPU: 6 PID: 2938 at net/core/dev.c:12410 __dev_change_net_namespace+0xb89/0xc30<br /> CPU: 6 UID: 0 PID: 2938 Comm: incusd Not tainted 6.17.1-1-mainline #1 PREEMPT(full) 4b783b4a638669fb644857f484487d17cb45ed1f<br /> Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.07 02/19/2025<br /> RIP: 0010:__dev_change_net_namespace+0xb89/0xc30<br /> [...]<br /> Call Trace:<br /> <br /> ? if6_seq_show+0x30/0x50<br /> do_setlink.isra.0+0xc7/0x1270<br /> ? __nla_validate_parse+0x5c/0xcc0<br /> ? security_capable+0x94/0x1a0<br /> rtnl_newlink+0x858/0xc20<br /> ? update_curr+0x8e/0x1c0<br /> ? update_entity_lag+0x71/0x80<br /> ? sched_balance_newidle+0x358/0x450<br /> ? psi_task_switch+0x113/0x2a0<br /> ? __pfx_rtnl_newlink+0x10/0x10<br /> rtnetlink_rcv_msg+0x346/0x3e0<br /> ? sched_clock+0x10/0x30<br /> ? __pfx_rtnetlink_rcv_msg+0x10/0x10<br /> netlink_rcv_skb+0x59/0x110<br /> netlink_unicast+0x285/0x3c0<br /> ? __alloc_skb+0xdb/0x1a0<br /> netlink_sendmsg+0x20d/0x430<br /> ____sys_sendmsg+0x39f/0x3d0<br /> ? import_iovec+0x2f/0x40<br /> ___sys_sendmsg+0x99/0xe0<br /> __sys_sendmsg+0x8a/0xf0<br /> do_syscall_64+0x81/0x970<br /> ? __sys_bind+0xe3/0x110<br /> ? syscall_exit_work+0x143/0x1b0<br /> ? do_syscall_64+0x244/0x970<br /> ? sock_alloc_file+0x63/0xc0<br /> ? syscall_exit_work+0x143/0x1b0<br /> ? do_syscall_64+0x244/0x970<br /> ? alloc_fd+0x12e/0x190<br /> ? put_unused_fd+0x2a/0x70<br /> ? do_sys_openat2+0xa2/0xe0<br /> ? syscall_exit_work+0x143/0x1b0<br /> ? do_syscall_64+0x244/0x970<br /> ? exc_page_fault+0x7e/0x1a0<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> [...]<br /> <br /> <br /> Fix this by checking is_visible() before trying to touch the attribute.