Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race condition. The issue occurs because: CPU0 (ftrace_dump) CPU1 (reader) echo z > /proc/sysrq-trigger !trace_empty(&iter) trace_iterator_reset(&iter) <- len = size = 0 cat /sys/kernel/tracing/trace_pipe trace_find_next_entry_inc(&iter) __find_next_entry ring_buffer_empty_cpu <- all empty return NULL trace_printk_seq(&iter.seq) WARN_ON_ONCE(s->seq.len >= s->seq.size) In the context between trace_empty() and trace_find_next_entry_inc() during ftrace_dump, the ring buffer data was consumed by other readers. This caused trace_find_next_entry_inc to return NULL, failing to populate `iter.seq`. At this point, due to the prior trace_iterator_reset, both `iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal, the WARN_ON_ONCE condition is triggered. Move the trace_printk_seq() into the if block that checks to make sure the return value of trace_find_next_entry_inc() is non-NULL in ftrace_dump_one(), ensuring the 'iter.seq' is properly populated before subsequent operations.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.28, < 5.4.298 |
| Debian | Debian Linux | 11.0 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/28c8fb7ae2ad27d81c8de3c4fe608c509f6a18aaPatch
- https://git.kernel.org/stable/c/4013aef2ced9b756a410f50d12df9ebe6a883e4aPatch
- https://git.kernel.org/stable/c/5ab0ec206deb99eb3baf8f1d7602aeaa91dbcc85Patch
- https://git.kernel.org/stable/c/a6f0f8873cc30fd4543b09adf03f7f51d293f0e6Patch
- https://git.kernel.org/stable/c/ced94e137e6cd5e79c65564841d3b7695d0f5fa3Patch
- https://git.kernel.org/stable/c/e80ff23ba8bdb0f41a1afe2657078e4097d13a9aPatch
- https://git.kernel.org/stable/c/f299353e7ccbcc5c2ed8993c48fbe7609cbe729aPatch
- https://git.kernel.org/stable/c/fbd4cf7ee4db65ef36796769fe978e9eba6f0de4Patch
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.htmlThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlThird Party Advisory
- https://cert-portal.siemens.com/productcert/html/ssa-032379.html
FAQ
What is CVE-2025-39813?
CVE-2025-39813 is a vulnerability with a CVSS score of 4.7 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trac...
How severe is CVE-2025-39813?
CVE-2025-39813 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-39813?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.