Security Flaw in Linux Kernel Affects Docker Implementations
CVE-2025-21834
Summary
A vulnerability in the Linux kernel affects Docker environments because seccomp filters the uretprobe system call like any other system call. When users attach uretprobes to processes running in Docker, those processes may crash with segmentation faults, because Docker's default seccomp filter blocks a system call that is an internal kernel implementation detail. Since the call exists solely for the kernel's own use and is not intended to be invoked by user-space applications, it is impractical to require applications to allow it explicitly. The kernel therefore needs to handle this system call in seccomp without depending on filter configuration, so that traced processes keep running stably.
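As an added example (not from the advisory, the kernel, or the Docker project), the following Python script audits a Docker-style seccomp profile for the behaviour described above: it resolves the action the profile applies to the uretprobe syscall and, where the profile would block it, emits a copy that allows it explicitly, which is the only mitigation on a kernel that does not yet pass the call through. The sample profile and the helper names are constructed, and rule precedence and architecture conditions are simplified assumptions.

```python
import json

# Constructed sample in the shape of a Docker seccomp profile (not the real
# default profile): an allowlist whose default action rejects everything else.
SAMPLE_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [
        {"names": ["read", "write", "exit_group"], "action": "SCMP_ACT_ALLOW"},
        {"names": ["ptrace"], "action": "SCMP_ACT_ALLOW",
         "includes": {"minKernel": "4.8"}},
    ],
})


def effective_action(profile: dict, syscall: str) -> str:
    """Return the action a profile applies to one syscall name.

    Assumption: the first rule naming the syscall wins, and architecture or
    capability conditions are ignored, which is enough for an allowlist audit.
    """
    for rule in profile.get("syscalls", []):
        if syscall in rule.get("names", []):
            return rule["action"]
    return profile.get("defaultAction", "SCMP_ACT_KILL")


def audit_uretprobe(profile_json: str) -> dict:
    """Report whether a profile leaves the kernel's uretprobe syscall blocked.

    On a kernel without the fix, any action other than SCMP_ACT_ALLOW makes
    processes that have uretprobes attached crash with SIGSEGV.
    """
    profile = json.loads(profile_json)
    action = effective_action(profile, "uretprobe")
    listed = any("uretprobe" in r.get("names", [])
                 for r in profile.get("syscalls", []))
    return {"action": action, "explicitly_listed": listed,
            "blocks_uretprobe": action != "SCMP_ACT_ALLOW"}


def allow_uretprobe(profile_json: str) -> str:
    """Return a copy of the profile with uretprobe explicitly allowed, the
    workaround for kernels that do not yet pass the call through seccomp."""
    profile = json.loads(profile_json)
    if effective_action(profile, "uretprobe") != "SCMP_ACT_ALLOW":
        profile.setdefault("syscalls", []).append(
            {"names": ["uretprobe"], "action": "SCMP_ACT_ALLOW"})
    return json.dumps(profile)


if __name__ == "__main__":
    print(audit_uretprobe(SAMPLE_PROFILE))
    print(audit_uretprobe(allow_uretprobe(SAMPLE_PROFILE)))
```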
Affected Version(s)
Linux ff474a78cef5cb5f32be52fe25b78441327a2e7c < 5a262628f4cf2437d863fe41f9d427177b87664c
Linux ff474a78cef5cb5f32be52fe25b78441327a2e7c
Linux ff474a78cef5cb5f32be52fe25b78441327a2e7c
References
Timeline
Vulnerability published
Vulnerability Reserved