{"id":"AZL-67383","summary":"CVE-2025-39813 affecting package kernel for versions less than 6.6.104.2-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(&iter)\ntrace_iterator_reset(&iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(&iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(&iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the 'iter.seq' is properly populated before\nsubsequent operations.","modified":"2026-04-01T05:21:11.813064Z","published":"2025-09-16T13:15:55Z","upstream":["CVE-2025-39813"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39813"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.104.2-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67383.json"}}],"schema_version":"1.7.5"}