CVE-2025-1272

EUVD-2025-207808

18.02.2026, 21:16

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.7 HIGH	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.172-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.251-5 fixed
forky	7.0.7-1 fixed
sid	7.0.7-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.88-1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

kernel

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-debug

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-debug-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-debug-devel

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-debug-devel-matched

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-debug-modules

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-debug-modules-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-debug-modules-extra

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-devel

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-devel-matched

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-modules

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-modules-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-64k-modules-extra

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-abi-stablelists

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-debug

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-debug-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-debug-devel

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-debug-devel-matched

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-debug-modules

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-debug-modules-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-debug-modules-extra

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-debug-uki-virt

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-devel

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-devel-matched

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-doc

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-modules

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-modules-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-modules-extra

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-64k

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-64k-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-64k-debug

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-64k-debug-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-64k-debug-devel

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-64k-debug-modules

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-64k-debug-modules-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-64k-debug-modules-extra

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-64k-devel

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-64k-modules

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-64k-modules-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-64k-modules-extra

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-debug

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-debug-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-debug-devel

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-debug-kvm

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-debug-modules

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-debug-modules-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-debug-modules-extra

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-devel

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-kvm

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-modules

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-modules-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-rt-modules-extra

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-tools

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-tools-libs

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-tools-libs-devel

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-uki-virt

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-uki-virt-addons

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-zfcpdump

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-zfcpdump-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-zfcpdump-devel

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-zfcpdump-devel-matched

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-zfcpdump-modules

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-zfcpdump-modules-core

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

kernel-zfcpdump-modules-extra

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

libperf

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

perf

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

python3-perf

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

rtla

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

RHEL 9

0:5.14.0-570.12.1.el9_6

fixed

Common Weakness Enumeration

CWE-306 - Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

https://access.redhat.com/errata/RHSA-2025:6966

https://access.redhat.com/security/cve/CVE-2025-1272

https://bugzilla.redhat.com/show_bug.cgi?id=2345615