Acknowledged
Created: Sep 7, 2025
Updated: Sep 8, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]ftrace: Also allocate and copy hash for reading of filter files[EOL][EOL]Currently the reader of set_ftrace_filter and set_ftrace_notrace just adds[EOL]the pointer to the global tracer hash to its iterator. Unlike the writer[EOL]that allocates a copy of the hash, the reader keeps the pointer to the[EOL]filter hashes. This is problematic because this pointer is static across[EOL]function calls that release the locks that can update the global tracer[EOL]hashes. This can cause UAF and similar bugs.[EOL][EOL]Allocate and copy the hash for reading the filter files like it is done[EOL]for the writers. This not only fixes UAF bugs, but also makes the code a[EOL]bit simpler as it doesn't have to differentiate when to free the[EOL]iterator's hash between writers and readers.
CREATE(Triage):(User=admin) [CVE-2025-39689 (https://nvd.nist.gov/vuln/detail/CVE-2025-39689)
