CVE-2025-1272 is a vulnerability in Fedora Linux kernel versions starting from 6.12.1-200.fc41 and 6.12.4-100.fc40, where the kernel lockdown mode is disabled silently without any warning. Kernel lockdown is a security feature intended to restrict access to critical kernel interfaces and prevent unauthorized kernel modifications, especially in environments enforcing Secure Boot. The absence of lockdown mode allows attackers with elevated privileges to access sensitive kernel internals such as kernel memory mappings, I/O ports, Berkeley Packet Filter (BPF), and kernel probes (kprobes). Furthermore, this vulnerability permits loading unsigned kernel modules, which can lead to execution of arbitrary, untrusted code, effectively breaking Secure Boot protections that rely on module signature verification. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function) and has a CVSS v3.1 score of 7.7 (high severity), reflecting its significant impact on confidentiality, integrity, and availability. Exploitation requires local privileged access and user interaction, and it affects only Fedora Linux distributions running the specified kernel versions. No patches or exploits are currently publicly available, but the risk remains substantial due to the potential for privilege escalation and kernel compromise.

The vulnerability allows attackers with elevated privileges to bypass kernel lockdown protections, exposing sensitive kernel memory and interfaces that could be leveraged for further privilege escalation or data exfiltration. The ability to load unsigned kernel modules undermines Secure Boot, a critical security mechanism that ensures only trusted code runs at boot time. This can lead to persistent kernel-level rootkits or malware, severely compromising system integrity and availability. Organizations relying on Fedora Linux in sensitive environments, such as servers, cloud infrastructure, or security-critical systems, face increased risk of kernel compromise, data breaches, and disruption of services. The scope is limited to Fedora Linux users running affected kernel versions, but the impact on affected systems is severe, potentially affecting confidentiality, integrity, and availability of critical systems.

1. Monitor Fedora Project advisories closely and apply kernel updates or patches as soon as they become available to restore proper lockdown functionality. 2. Until patches are released, restrict access to systems running affected Fedora versions by enforcing strict privilege separation and limiting local administrative access. 3. Employ additional host-based security controls such as Mandatory Access Control (e.g., SELinux) to limit kernel interface access. 4. Disable or restrict loading of kernel modules where possible, and monitor kernel module loading events for suspicious activity. 5. Use hardware-based security features like TPM and Secure Boot in conjunction with system integrity monitoring to detect unauthorized kernel modifications. 6. Conduct regular audits of privileged user activities and kernel module usage to detect potential exploitation attempts. 7. Consider temporary migration to unaffected Fedora versions or alternative Linux distributions if feasible until a patch is available.