PT-2025-43617 · Linux+3 · Linux Kernel+3

Published

2025-09-24

·

Updated

2026-05-07

·

CVE-2025-40021

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel has an issue where the dynamic events interface on tracefs does not check the lockdown status, potentially allowing unauthorized access. This interface is compatible with kprobe events and uprobe events, and should also enforce lockdown restrictions.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

CWE-371

Related Identifiers

AZL-68811
BDU:2026-02700
CVE-2025-40021
DLA-4379-1
DLA-4404-1
DSA-6053-1
ECHO-0FC4-6C09-043E
MGASA-2025-0309
MGASA-2025-0310
OESA-2025-2632
OESA-2025-2633
OESA-2025-2634
OESA-2025-2635
OESA-2025-2636
OPENSUSE-SU-2025:20172-1
SUSE-SU-2025:4393-1
SUSE-SU-2025:4422-1
SUSE-SU-2025:4505-1
SUSE-SU-2025:4516-1
SUSE-SU-2025:4517-1
SUSE-SU-2025:4521-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
SUSE-SU-2026:20039-1
SUSE-SU-2026:20059-1
SUSE-SU-2026:20473-1
SUSE-SU-2026:20496-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu