CVE-2025-21840 Information

Description

In the Linux kernel the following vulnerability has been resolved:

thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header

The intel-lpmd tool [1] which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY attribute to receive HFI events from kernel space encounters a segmentation fault after commit 1773572863c4 ( hermal: netlink: Add the commands and the events for the thresholds).

The issue arises because the THERMAL_GENL_ATTR_CPU_CAPABILITY raw value was changed while intel_lpmd still uses the old value.

Although intel_lpmd can be updated to check the THERMAL_GENL_VERSION and use the appropriate THERMAL_GENL_ATTR_CPU_CAPABILITY value the commit itself is questionable.

The commit introduced a new element in the middle of enum thermal_genl_attr which affects many existing attributes and introduces potential risks and unnecessary maintenance burdens for userspace thermal netlink event users.

Solve the issue by moving the newly introduced THERMAL_GENL_ATTR_TZ_PREV_TEMP attribute to the end of the enum thermal_genl_attr. This ensures that all existing thermal generic netlink attributes remain unaffected.

[ rjw: Subject edits ]

Reference

https://git.kernel.org/stable/c/3a4ca365c51729143a2cab693cd40fe0bb585ef0 https://git.kernel.org/stable/c/c195b9c6ab9c383d7aa3f4a65879b3ca90cb378b