Kernel Vulnerability in Linux for Trace Event Management by Linux Foundation
CVE-2025-38539

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 August 2025

What is CVE-2025-38539?

A race condition has been identified in the Linux kernel related to the management of trace events during module loading. When multiple modules attempt to load simultaneously, they can interfere with the ftrace_events list, potentially leading to corruption and instability in the kernel. This occurs during the modification of the printk format strings associated with these trace events. To mitigate this issue, a write lock on the trace_event_sem semaphore should be acquired during event addition, ensuring consistent access to shared resources and preventing kernel crashes.

Affected Version(s)

Linux 110bf2b764eb6026b868d84499263cb24b1bcc8d < 7803b28c9aa8d8bd4e19ebcf5f0db9612b0f333b

Linux 110bf2b764eb6026b868d84499263cb24b1bcc8d < 6bc94f20a4c304997288f9a45278c9d0c06987d3

Linux 110bf2b764eb6026b868d84499263cb24b1bcc8d < 33e20747b47ddc03569b6bc27a2d6894c1428182

References

https://git.kernel.org/stable/c/7803b28c9aa8d8bd4e19ebcf5...

https://git.kernel.org/stable/c/6bc94f20a4c304997288f9a45...

https://git.kernel.org/stable/c/33e20747b47ddc03569b6bc27...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2025
Vulnerability Reserved
Apr 16, 2025