CVE-2025-22035
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's tracing subsystem allows local attackers to potentially crash the system or execute arbitrary code. This affects systems with kernel tracing enabled, primarily impacting Linux servers and workstations where users have local access.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, leading to complete system compromise.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
No impact if kernel tracing is disabled or proper access controls prevent local users from modifying tracer settings.
🎯 Exploit Status
Exploitation requires local access and ability to modify tracer settings. The vulnerability was discovered during stress testing and requires specific timing conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 099ef3385800828b74933a96c117574637c3fb3a and related fixes
Vendor Advisory: https://git.kernel.org/stable/c/099ef3385800828b74933a96c117574637c3fb3a
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable kernel tracing
Disable function_graph tracer and related tracing features to prevent exploitation
echo nop > /sys/kernel/debug/tracing/current_tracer
echo 0 > /sys/kernel/debug/tracing/tracing_on
Restrict tracing access
Limit access to tracing debugfs interface to privileged users only
chmod 700 /sys/kernel/debug/tracing
chown root:root /sys/kernel/debug/tracing
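The following added example (not part of the original advisory or the kernel project) audits whether the two workarounds above are actually in effect. The function name and its two parameters (tracing directory, expected owner UID) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether the tracing workarounds from this page hold.
# $1 = tracing directory (default: the debugfs path used on this page)
# $2 = expected owner UID (default: 0, i.e. root)
# Returns the number of findings as the exit status (0 = workarounds in place).
audit_tracing_workarounds() {
    dir="${1:-/sys/kernel/debug/tracing}"
    want_uid="${2:-0}"
    findings=0

    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir not present or not accessible"
        return 0
    fi

    # Workaround 1: current_tracer must be "nop" and tracing_on must be 0.
    tracer=$(cat "$dir/current_tracer" 2>/dev/null) || tracer=""
    if [ "$tracer" != "nop" ]; then
        echo "FINDING: current_tracer is '${tracer:-unreadable}', expected 'nop'"
        findings=$((findings + 1))
    fi
    on=$(cat "$dir/tracing_on" 2>/dev/null) || on=""
    if [ "$on" != "0" ]; then
        echo "FINDING: tracing_on is '${on:-unreadable}', expected '0'"
        findings=$((findings + 1))
    fi

    # Workaround 2: no group/other permission bits, owned by the expected UID.
    mode=$(stat -c '%a' "$dir" 2>/dev/null) || mode=""
    uid=$(stat -c '%u' "$dir" 2>/dev/null) || uid=""
    case "$mode" in
        *00) ;;   # e.g. 700: group and other have no access
        *)  echo "FINDING: $dir mode is '${mode:-unknown}', expected 700"
            findings=$((findings + 1)) ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "FINDING: $dir owner UID is '${uid:-unknown}', expected $want_uid"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Usage on a live host, as root:  audit_tracing_workarounds
```

These settings do not survive a reboot, so the audit is worth re-running after each boot. Many kernels also expose the same interface at /sys/kernel/tracing; pass that path as the first argument to check it as well.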
🧯 If You Can't Patch
- Disable kernel tracing functionality via kernel boot parameters (e.g., adding 'trace_event=disable' to kernel command line)
- Implement strict access controls to prevent non-privileged users from accessing /sys/kernel/debug/tracing
🔍 How to Verify
Check if Vulnerable:
Check whether the running kernel predates the patched commits: run uname -r and compare the result with your distribution's security advisories
Check Version:
uname -r
Verify Fix Applied:
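Verify kernel version includes the fix commits: grep -q '099ef3385800828b74933a96c117574637c3fb3a' /proc/version_signature || echo 'Check kernel source'
Note that /proc/version_signature exists only on Ubuntu kernels and holds a version string, not commit hashes, so this check normally falls through to 'Check kernel source'; confirm the fix against your distribution's kernel changelog or security advisory.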
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes during tracer switching
- Unexpected kernel panics
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("use-after-free" OR "UAF" OR "general protection fault" OR "kernel panic")
🔗 References
- https://git.kernel.org/stable/c/099ef3385800828b74933a96c117574637c3fb3a
- https://git.kernel.org/stable/c/42561fe62c3628ea3bc9623f64f047605e98857f
- https://git.kernel.org/stable/c/70be951bc01e4a0e10d443f3510bb17426f257fb
- https://git.kernel.org/stable/c/7f81f27b1093e4895e87b74143c59c055c3b1906
- https://git.kernel.org/stable/c/81a85b12132c8ffe98f5ddbdc185481790aeaa1b
- https://git.kernel.org/stable/c/a2cce54c1748216535dda02e185d07a084be837e
- https://git.kernel.org/stable/c/c85efe6e13743cac6ba4ccf144cb91f44c86231a
- https://git.kernel.org/stable/c/de7b309139f862a44379ecd96e93c9133c69f813
- https://git.kernel.org/stable/c/f14752d66056d0c7bffe5092130409417d3baa70
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html