CVE-2025-37940
📋 TL;DR
A denial-of-service vulnerability in the Linux kernel's ftrace subsystem where processing a large number of traceable functions can cause a softlockup condition, making the system unresponsive. This affects Linux systems with ftrace enabled and many kernel functions available for tracing. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Complete system lockup requiring hard reboot, potentially causing data loss or service disruption.
Likely Case
Temporary system unresponsiveness when ftrace operations are performed on systems with many kernel functions.
If Mitigated
Minimal impact as the vulnerability requires local access and specific ftrace operations.
🎯 Exploit Status
Exploitation requires local access and ability to use ftrace functionality. No privilege escalation involved.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 1fce9574b9d515bcb8a75379a8053e18602424e3, 42ea22e754ba4f2b86f8760ca27f6f71da2d982c, 4429535acab750d963fdc3dfcc9e0eee42f4d599, 5d336ac215e5c76e43ef4bca9ba699835e53e2fd, 618655d54c5f8af5d57b77491d08c0f0ff77d114
Vendor Advisory: https://git.kernel.org/stable/c/1fce9574b9d515bcb8a75379a8053e18602424e3
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits. 2. Reboot the system. 3. Verify the kernel version after reboot.
🔧 Temporary Workarounds
Disable ftrace
linuxDisable the ftrace subsystem to prevent exploitation
echo 0 > /sys/kernel/debug/tracing/tracing_on
echo nop > /sys/kernel/debug/tracing/current_tracer
Restrict ftrace access
linuxLimit which users can access ftrace functionality
chmod 600 /sys/kernel/debug/tracing/*
setfacl -m u:root:rwx /sys/kernel/debug/tracing/
🧯 If You Can't Patch
- Restrict access to ftrace debugfs interface to root only
- Monitor system for softlockup warnings in kernel logs
🔍 How to Verify
Check if Vulnerable:
Check if ftrace is enabled and accessible: ls -la /sys/kernel/debug/tracing/Check Version:
uname -rVerify Fix Applied:
Check kernel version contains fix commits: uname -r and verify against patched versions📡 Detection & Monitoring
Log Indicators:
- Kernel softlockup messages in /var/log/kern.log or dmesg
- 'BUG: soft lockup' warnings
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND "soft lockup" AND "ftrace"🔗 References
- https://git.kernel.org/stable/c/1fce9574b9d515bcb8a75379a8053e18602424e3
- https://git.kernel.org/stable/c/42ea22e754ba4f2b86f8760ca27f6f71da2d982c
- https://git.kernel.org/stable/c/4429535acab750d963fdc3dfcc9e0eee42f4d599
- https://git.kernel.org/stable/c/5d336ac215e5c76e43ef4bca9ba699835e53e2fd
- https://git.kernel.org/stable/c/618655d54c5f8af5d57b77491d08c0f0ff77d114
- https://git.kernel.org/stable/c/72be43ff061a889c6ee648a330a42486cafa15a6
- https://git.kernel.org/stable/c/8dd7d7280357596ba63dfdb4c1725d9dd24bd42a
- https://git.kernel.org/stable/c/dd38803c9088b848c6b56f4f6d7efc4497bfde61
- https://git.kernel.org/stable/c/e5b4ae6f01d4a510d5725eca7254519a1093920d
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
