CVE-2025-22035

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue was found in the Linux kernel's tracing functionality, specifically in the print graph function flags() function during tracer switching. This issue can be reproduced by executing a script that switches tracers while a cat command is running in the background. The root cause lies in the two calls to print graph function flags() within print trace line(), where one call is not updated during tracer switching, allowing the use of an invalid pointer. The issue can be triggered by switching from the 'function graph' tracer to the 'timerlat' tracer.

Recommendations To fix this issue, set iter->private to NULL immediately after freeing it in graph trace close(), ensuring that an invalid pointer is not passed to other tracers. Additionally, clean up the unnecessary iter->private = NULL during each 'cat trace' when using wakeup and irqsoff tracers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.