CVE-2025-21840

07.03.2025, 09:15

In the Linux kernel, the following vulnerability has been resolved:

thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header

The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY
attribute to receive HFI events from kernel space, encounters a
segmentation fault after commit 1773572863c4 ("thermal: netlink: Add the
commands and the events for the thresholds").

The issue arises because the THERMAL_GENL_ATTR_CPU_CAPABILITY raw value
was changed while intel_lpmd still uses the old value.

Although intel_lpmd can be updated to check the THERMAL_GENL_VERSION and
use the appropriate THERMAL_GENL_ATTR_CPU_CAPABILITY value, the commit
itself is questionable.

The commit introduced a new element in the middle of enum thermal_genl_attr,
which affects many existing attributes and introduces potential risks
and unnecessary maintenance burdens for userspace thermal netlink event
users.

Solve the issue by moving the newly introduced
THERMAL_GENL_ATTR_TZ_PREV_TEMP attribute to the end of the
enum thermal_genl_attr. This ensures that all existing thermal generic
netlink attributes remain unaffected.

[ rjw: Subject edits ]

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Vendor	Product	Version
linux	linux_kernel	6.13 ≤ 𝑥 < 6.13.4
linux	linux_kernel	6.14:rc1
linux	linux_kernel	6.14:rc2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.244-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.17.9-1 fixed
sid	6.17.10-1 fixed

References

https://git.kernel.org/stable/c/3a4ca365c51729143a2cab693cd40fe0bb585ef0

https://git.kernel.org/stable/c/c195b9c6ab9c383d7aa3f4a65879b3ca90cb378b