CVE-2025-40021

Linux Kernel - Unauthenticated Dynamic Event Tracing via Missing Lockdown Check

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: dynevent: Add a missing lockdown check on dynevent Since dynamic_events interface on tracefs is compatible with kprobe_events and uprobe_events, it should also check the lockdown status and reject if it is set.

Scores

EPSS 0.0019
EPSS Percentile 8.6%

Details

Status published
Products (22)
linux/Kernel 5.11.0 - 5.15.194linux
linux/Kernel 5.16.0 - 6.1.155linux
linux/Kernel 5.4.0 - 5.10.245linux
linux/Kernel 6.13.0 - 6.16.10linux
linux/Kernel 6.2.0 - 6.6.109linux
linux/Kernel 6.7.0 - 6.12.50linux
Linux/Linux < 5.4
Linux/Linux 17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 - 07b1f63b5f86765793fab44d3d4c2be681cddafb
Linux/Linux 17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 - 0d41604d2d53c1abe27fefb54b37a8f6642a4d74
Linux/Linux 17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 - 3887f3814c0e770e6b73567fe0f83a2c01a6470c
... and 12 more
Published Oct 24, 2025
Tracked Since Feb 18, 2026