CVE-2025-21840

In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault after commit 1773572863c4 ("thermal: netlink: Add the commands and the events for the thresholds"). The issue arises because the THERMAL_GENL_ATTR_CPU_CAPABILITY raw value was changed while intel_lpmd still uses the old value. Although intel_lpmd can be updated to check the THERMAL_GENL_VERSION and use the appropriate THERMAL_GENL_ATTR_CPU_CAPABILITY value, the commit itself is questionable. The commit introduced a new element in the middle of enum thermal_genl_attr, which affects many existing attributes and introduces potential risks and unnecessary maintenance burdens for userspace thermal netlink event users. Solve the issue by moving the newly introduced THERMAL_GENL_ATTR_TZ_PREV_TEMP attribute to the end of the enum thermal_genl_attr. This ensures that all existing thermal generic netlink attributes remain unaffected. [ rjw: Subject edits ]

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3a4ca365c51729143a2cab693cd40fe0bb585ef0	Patch
https://git.kernel.org/stable/c/c195b9c6ab9c383d7aa3f4a65879b3ca90cb378b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::

History

No history.

Information

Published : 2025-03-07 09:15

Updated : 2025-10-29 21:09

NVD link : CVE-2025-21840

Mitre link : CVE-2025-21840

CVE.ORG link : CVE-2025-21840

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-21840", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-03-07T09:15:17.033", "references": [{"url": "https://git.kernel.org/stable/c/3a4ca365c51729143a2cab693cd40fe0bb585ef0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c195b9c6ab9c383d7aa3f4a65879b3ca90cb378b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header\n\nThe intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY\nattribute to receive HFI events from kernel space, encounters a\nsegmentation fault after commit 1773572863c4 (\"thermal: netlink: Add the\ncommands and the events for the thresholds\").\n\nThe issue arises because the THERMAL_GENL_ATTR_CPU_CAPABILITY raw value\nwas changed while intel_lpmd still uses the old value.\n\nAlthough intel_lpmd can be updated to check the THERMAL_GENL_VERSION and\nuse the appropriate THERMAL_GENL_ATTR_CPU_CAPABILITY value, the commit\nitself is questionable.\n\nThe commit introduced a new element in the middle of enum thermal_genl_attr,\nwhich affects many existing attributes and introduces potential risks\nand unnecessary maintenance burdens for userspace thermal netlink event\nusers.\n\nSolve the issue by moving the newly introduced\nTHERMAL_GENL_ATTR_TZ_PREV_TEMP attribute to the end of the\nenum thermal_genl_attr. This ensures that all existing thermal generic\nnetlink attributes remain unaffected.\n\n[ rjw: Subject edits ]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: thermal/netlink: Prevenir un error de segmentaci\u00f3n del espacio de usuario ajustando el encabezado UAPI La herramienta intel-lpmd [1], que utiliza el atributo THERMAL_GENL_ATTR_CPU_CAPABILITY para recibir eventos HFI desde el espacio del kernel, encuentra un error de segmentaci\u00f3n despu\u00e9s de el commit 1773572863c4 (\"thermal: netlink: Agregar los comandos y los eventos para los umbrales\"). El problema surge porque se cambi\u00f3 el valor sin procesar de THERMAL_GENL_ATTR_CPU_CAPABILITY mientras que intel_lpmd todav\u00eda usa el valor anterior. Aunque intel_lpmd se puede actualizar para verificar THERMAL_GENL_VERSION y usar el valor THERMAL_GENL_ATTR_CPU_CAPABILITY apropiado, el commit en s\u00ed es cuestionable. El commit introdujo un nuevo elemento en el medio de la enumeraci\u00f3n thermal_genl_attr, que afecta a muchos atributos existentes e introduce riesgos potenciales y cargas de mantenimiento innecesarias para los usuarios del evento de enlace de red t\u00e9rmico del espacio de usuario. Resuelva el problema moviendo el atributo THERMAL_GENL_ATTR_TZ_PREV_TEMP recientemente introducido al final de la enumeraci\u00f3n thermal_genl_attr. Esto garantiza que todos los atributos de enlace de red gen\u00e9ricos t\u00e9rmicos existentes permanezcan inalterados. [ rjw: Ediciones del sujeto ]"}], "lastModified": "2025-10-29T21:09:14.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A2093ED-74A9-43F9-AC72-50030F374EA4", "versionEndExcluding": "6.13.4", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}