fkie_cve-2025-39813
Vulnerability from fkie_nvd
Published
2025-09-16 13:15
Modified
2025-11-03 18:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race condition. The issue occurs because: CPU0 (ftrace_dump) CPU1 (reader) echo z > /proc/sysrq-trigger !trace_empty(&iter) trace_iterator_reset(&iter) <- len = size = 0 cat /sys/kernel/tracing/trace_pipe trace_find_next_entry_inc(&iter) __find_next_entry ring_buffer_empty_cpu <- all empty return NULL trace_printk_seq(&iter.seq) WARN_ON_ONCE(s->seq.len >= s->seq.size) In the context between trace_empty() and trace_find_next_entry_inc() during ftrace_dump, the ring buffer data was consumed by other readers. This caused trace_find_next_entry_inc to return NULL, failing to populate `iter.seq`. At this point, due to the prior trace_iterator_reset, both `iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal, the WARN_ON_ONCE condition is triggered. Move the trace_printk_seq() into the if block that checks to make sure the return value of trace_find_next_entry_inc() is non-NULL in ftrace_dump_one(), ensuring the 'iter.seq' is properly populated before subsequent operations.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4013aef2ced9b756a410f50d12df9ebe6a883e4a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a6f0f8873cc30fd4543b09adf03f7f51d293f0e6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ced94e137e6cd5e79c65564841d3b7695d0f5fa3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e80ff23ba8bdb0f41a1afe2657078e4097d13a9a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f299353e7ccbcc5c2ed8993c48fbe7609cbe729a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fbd4cf7ee4db65ef36796769fe978e9eba6f0de4
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump)                              CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n                                                cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n  __find_next_entry\n    ring_buffer_empty_cpu \u003c- all empty\n  return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n  WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations."
    }
  ],
  "id": "CVE-2025-39813",
  "lastModified": "2025-11-03T18:16:48.367",
  "metrics": {},
  "published": "2025-09-16T13:15:55.150",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aa"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4013aef2ced9b756a410f50d12df9ebe6a883e4a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a6f0f8873cc30fd4543b09adf03f7f51d293f0e6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ced94e137e6cd5e79c65564841d3b7695d0f5fa3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e80ff23ba8bdb0f41a1afe2657078e4097d13a9a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f299353e7ccbcc5c2ed8993c48fbe7609cbe729a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fbd4cf7ee4db65ef36796769fe978e9eba6f0de4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.