CVE-2025-40021
Linux Kernel - Unauthenticated Dynamic Event Tracing via Missing Lockdown Check
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: tracing: dynevent: Add a missing lockdown check on dynevent Since dynamic_events interface on tracefs is compatible with kprobe_events and uprobe_events, it should also check the lockdown status and reject if it is set.
References (7)
Core 7
Core References
Scores
EPSS
0.0019
EPSS Percentile
8.6%
Details
Status
published
Products (22)
linux/Kernel
5.11.0 - 5.15.194linux
linux/Kernel
5.16.0 - 6.1.155linux
linux/Kernel
5.4.0 - 5.10.245linux
linux/Kernel
6.13.0 - 6.16.10linux
linux/Kernel
6.2.0 - 6.6.109linux
linux/Kernel
6.7.0 - 6.12.50linux
Linux/Linux
< 5.4
Linux/Linux
17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 - 07b1f63b5f86765793fab44d3d4c2be681cddafb
Linux/Linux
17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 - 0d41604d2d53c1abe27fefb54b37a8f6642a4d74
Linux/Linux
17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 - 3887f3814c0e770e6b73567fe0f83a2c01a6470c
... and 12 more
Published
Oct 24, 2025
Tracked Since
Feb 18, 2026