CVE-2025-39813
📋 TL;DR
This CVE describes a race condition in the Linux kernel's ftrace subsystem that can trigger a kernel warning when ftrace_dump is called concurrently with reading trace_pipe. The vulnerability affects Linux systems with ftrace enabled and could potentially be used to cause kernel instability or denial of service.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash if the warning triggers additional issues in a production environment, leading to denial of service.
Likely Case
Kernel warning messages in system logs and potential minor system instability during concurrent ftrace operations.
If Mitigated
No impact if ftrace is disabled or the system is patched; warning messages only in logs if triggered.
🎯 Exploit Status
Exploitation requires local access and specific timing conditions to trigger the race condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits referenced in the CVE
Vendor Advisory: https://git.kernel.org/stable/c/28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa
Restart Required: Yes
Instructions:
1. Update Linux kernel to a version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify ftrace functionality works without warnings.
🔧 Temporary Workarounds
Disable ftrace
allDisable the ftrace subsystem to prevent the race condition from being triggered.
echo 0 > /sys/kernel/debug/tracing/tracing_on
echo nop > /sys/kernel/debug/tracing/current_tracer
Restrict access to trace_pipe
allLimit access to /sys/kernel/tracing/trace_pipe to prevent concurrent reading during ftrace_dump operations.
chmod 600 /sys/kernel/tracing/trace_pipe
chown root:root /sys/kernel/tracing/trace_pipe
🧯 If You Can't Patch
- Monitor system logs for kernel warnings related to ftrace and investigate any occurrences.
- Implement strict access controls to prevent unauthorized users from accessing ftrace functionality.
🔍 How to Verify
Check if Vulnerable:
Check if ftrace is enabled and test concurrent access to trace_pipe during ftrace_dump operations while monitoring dmesg for warnings.Check Version:
uname -rVerify Fix Applied:
After patching, attempt to reproduce the race condition by running concurrent ftrace operations and verify no warnings appear in kernel logs.📡 Detection & Monitoring
Log Indicators:
- Kernel warning messages containing 'WARN_ON_ONCE' and 'trace_printk_seq' in dmesg or /var/log/kern.log
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND "WARN_ON_ONCE" AND "trace_printk_seq"🔗 References
- https://git.kernel.org/stable/c/28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa
- https://git.kernel.org/stable/c/4013aef2ced9b756a410f50d12df9ebe6a883e4a
- https://git.kernel.org/stable/c/5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85
- https://git.kernel.org/stable/c/a6f0f8873cc30fd4543b09adf03f7f51d293f0e6
- https://git.kernel.org/stable/c/ced94e137e6cd5e79c65564841d3b7695d0f5fa3
- https://git.kernel.org/stable/c/e80ff23ba8bdb0f41a1afe2657078e4097d13a9a
- https://git.kernel.org/stable/c/f299353e7ccbcc5c2ed8993c48fbe7609cbe729a
- https://git.kernel.org/stable/c/fbd4cf7ee4db65ef36796769fe978e9eba6f0de4
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
