CVE-2025-21733: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix resetting of tracepoints If a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD disabled, but then that option is enabled and timerlat is removed, the tracepoints that were enabled on timerlat registration do not get disabled. If the option is disabled again and timelat is started, then it triggers a warning in the tracepoint code due to registering the tracepoint again without ever disabling it. Do not use the same user space defined options to know to disable the tracepoints when timerlat is removed. Instead, set a global flag when it is enabled and use that flag to know to disable the events. ~# echo NO_OSNOISE_WORKLOAD > /sys/kernel/tracing/osnoise/options ~# echo timerlat > /sys/kernel/tracing/current_tracer ~# echo OSNOISE_WORKLOAD > /sys/kernel/tracing/osnoise/options ~# echo nop > /sys/kernel/tracing/current_tracer ~# echo NO_OSNOISE_WORKLOAD > /sys/kernel/tracing/osnoise/options ~# echo timerlat > /sys/kernel/tracing/current_tracer Triggers: ------------[ cut here ]------------ WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0 Modules linked in: CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:tracepoint_add_func+0x3b6/0x3f0 Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff <0f> 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202 RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410 RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002 R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001 R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008 FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0 Call Trace: <TASK> ? __warn.cold+0xb7/0x14d ? tracepoint_add_func+0x3b6/0x3f0 ? report_bug+0xea/0x170 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? __pfx_trace_sched_migrate_callback+0x10/0x10 ? tracepoint_add_func+0x3b6/0x3f0 ? __pfx_trace_sched_migrate_callback+0x10/0x10 ? __pfx_trace_sched_migrate_callback+0x10/0x10 tracepoint_probe_register+0x78/0xb0 ? __pfx_trace_sched_migrate_callback+0x10/0x10 osnoise_workload_start+0x2b5/0x370 timerlat_tracer_init+0x76/0x1b0 tracing_set_tracer+0x244/0x400 tracing_set_trace_write+0xa0/0xe0 vfs_write+0xfc/0x570 ? do_sys_openat2+0x9c/0xe0 ksys_write+0x72/0xf0 do_syscall_64+0x79/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e
AI Analysis
Technical Summary
CVE-2025-21733 is a vulnerability identified in the Linux kernel's tracing subsystem, specifically within the osnoise tracing module. The issue arises from improper handling of tracepoints when the timerlat tracer is started and stopped with the osnoise workload option toggled on and off. When the OSNOISE_WORKLOAD option is disabled and then enabled again, the tracepoints enabled during timerlat registration are not properly disabled upon removal of the timerlat tracer. This leads to a scenario where restarting the timerlat tracer triggers warnings in the tracepoint code due to attempts to register tracepoints that were never disabled. The root cause is the reliance on user-space defined options to determine whether to disable tracepoints, rather than using a global flag to track the enabled state. This flaw can cause kernel warnings and potentially unstable kernel behavior, as indicated by the kernel warning logs and call traces provided. While the vulnerability does not directly indicate a memory corruption or privilege escalation, the improper tracepoint management could lead to kernel instability or denial of service conditions. The vulnerability affects Linux kernel versions identified by the commit hash e88ed227f639ebcb31ed4e5b88756b47d904584b and similar builds. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The fix involves setting a global flag to track the enabled state of OSNOISE_WORKLOAD and using this flag to correctly disable tracepoints when the timerlat tracer is removed, preventing the tracepoint registration warnings and potential kernel instability.
Potential Impact
For European organizations, the impact of CVE-2025-21733 primarily concerns systems running vulnerable Linux kernel versions with tracing features enabled, especially those using the timerlat tracer with osnoise workload options. The vulnerability could lead to kernel warnings and instability, potentially causing system crashes or denial of service. This is particularly critical for environments relying on real-time or performance-sensitive Linux systems, such as telecommunications infrastructure, industrial control systems, and cloud service providers prevalent in Europe. Kernel instability can disrupt critical services, leading to operational downtime and potential data loss. Although no direct privilege escalation or remote code execution is indicated, the risk of denial of service or system reliability degradation can affect service availability and operational continuity. Organizations with stringent uptime requirements or those operating in regulated sectors (e.g., finance, healthcare, energy) may face compliance and reputational risks if systems are impacted. The absence of known exploits reduces immediate threat levels, but the vulnerability should be addressed proactively to prevent exploitation through indirect means or future attack vectors leveraging kernel instability.
Mitigation Recommendations
To mitigate CVE-2025-21733, European organizations should: 1) Apply the latest Linux kernel patches that address the tracepoint handling issue in the osnoise tracing module. Ensure kernel versions are updated beyond the affected commit hashes. 2) Audit and monitor systems using the timerlat tracer with osnoise workload options to detect abnormal kernel warnings or tracepoint registration errors. 3) Disable or avoid using the timerlat tracer with the osnoise workload option in production environments until patches are applied, especially on critical systems. 4) Implement kernel tracing and logging monitoring to catch early signs of kernel instability or warnings related to tracepoints. 5) For environments requiring tracing, validate that global flags or kernel parameters controlling tracepoint states are correctly set and managed. 6) Incorporate kernel update procedures into regular maintenance cycles, prioritizing systems with real-time or performance monitoring enabled. 7) Conduct thorough testing of kernel updates in staging environments to ensure stability before deployment. These steps go beyond generic advice by focusing on the specific tracing subsystem and the operational context of the vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Italy, Spain, Poland
CVE-2025-21733: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix resetting of tracepoints If a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD disabled, but then that option is enabled and timerlat is removed, the tracepoints that were enabled on timerlat registration do not get disabled. If the option is disabled again and timelat is started, then it triggers a warning in the tracepoint code due to registering the tracepoint again without ever disabling it. Do not use the same user space defined options to know to disable the tracepoints when timerlat is removed. Instead, set a global flag when it is enabled and use that flag to know to disable the events. ~# echo NO_OSNOISE_WORKLOAD > /sys/kernel/tracing/osnoise/options ~# echo timerlat > /sys/kernel/tracing/current_tracer ~# echo OSNOISE_WORKLOAD > /sys/kernel/tracing/osnoise/options ~# echo nop > /sys/kernel/tracing/current_tracer ~# echo NO_OSNOISE_WORKLOAD > /sys/kernel/tracing/osnoise/options ~# echo timerlat > /sys/kernel/tracing/current_tracer Triggers: ------------[ cut here ]------------ WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0 Modules linked in: CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:tracepoint_add_func+0x3b6/0x3f0 Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff <0f> 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202 RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410 RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002 R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001 R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008 FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0 Call Trace: <TASK> ? __warn.cold+0xb7/0x14d ? tracepoint_add_func+0x3b6/0x3f0 ? report_bug+0xea/0x170 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? __pfx_trace_sched_migrate_callback+0x10/0x10 ? tracepoint_add_func+0x3b6/0x3f0 ? __pfx_trace_sched_migrate_callback+0x10/0x10 ? __pfx_trace_sched_migrate_callback+0x10/0x10 tracepoint_probe_register+0x78/0xb0 ? __pfx_trace_sched_migrate_callback+0x10/0x10 osnoise_workload_start+0x2b5/0x370 timerlat_tracer_init+0x76/0x1b0 tracing_set_tracer+0x244/0x400 tracing_set_trace_write+0xa0/0xe0 vfs_write+0xfc/0x570 ? do_sys_openat2+0x9c/0xe0 ksys_write+0x72/0xf0 do_syscall_64+0x79/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e
AI-Powered Analysis
Technical Analysis
CVE-2025-21733 is a vulnerability identified in the Linux kernel's tracing subsystem, specifically within the osnoise tracing module. The issue arises from improper handling of tracepoints when the timerlat tracer is started and stopped with the osnoise workload option toggled on and off. When the OSNOISE_WORKLOAD option is disabled and then enabled again, the tracepoints enabled during timerlat registration are not properly disabled upon removal of the timerlat tracer. This leads to a scenario where restarting the timerlat tracer triggers warnings in the tracepoint code due to attempts to register tracepoints that were never disabled. The root cause is the reliance on user-space defined options to determine whether to disable tracepoints, rather than using a global flag to track the enabled state. This flaw can cause kernel warnings and potentially unstable kernel behavior, as indicated by the kernel warning logs and call traces provided. While the vulnerability does not directly indicate a memory corruption or privilege escalation, the improper tracepoint management could lead to kernel instability or denial of service conditions. The vulnerability affects Linux kernel versions identified by the commit hash e88ed227f639ebcb31ed4e5b88756b47d904584b and similar builds. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The fix involves setting a global flag to track the enabled state of OSNOISE_WORKLOAD and using this flag to correctly disable tracepoints when the timerlat tracer is removed, preventing the tracepoint registration warnings and potential kernel instability.
Potential Impact
For European organizations, the impact of CVE-2025-21733 primarily concerns systems running vulnerable Linux kernel versions with tracing features enabled, especially those using the timerlat tracer with osnoise workload options. The vulnerability could lead to kernel warnings and instability, potentially causing system crashes or denial of service. This is particularly critical for environments relying on real-time or performance-sensitive Linux systems, such as telecommunications infrastructure, industrial control systems, and cloud service providers prevalent in Europe. Kernel instability can disrupt critical services, leading to operational downtime and potential data loss. Although no direct privilege escalation or remote code execution is indicated, the risk of denial of service or system reliability degradation can affect service availability and operational continuity. Organizations with stringent uptime requirements or those operating in regulated sectors (e.g., finance, healthcare, energy) may face compliance and reputational risks if systems are impacted. The absence of known exploits reduces immediate threat levels, but the vulnerability should be addressed proactively to prevent exploitation through indirect means or future attack vectors leveraging kernel instability.
Mitigation Recommendations
To mitigate CVE-2025-21733, European organizations should: 1) Apply the latest Linux kernel patches that address the tracepoint handling issue in the osnoise tracing module. Ensure kernel versions are updated beyond the affected commit hashes. 2) Audit and monitor systems using the timerlat tracer with osnoise workload options to detect abnormal kernel warnings or tracepoint registration errors. 3) Disable or avoid using the timerlat tracer with the osnoise workload option in production environments until patches are applied, especially on critical systems. 4) Implement kernel tracing and logging monitoring to catch early signs of kernel instability or warnings related to tracepoints. 5) For environments requiring tracing, validate that global flags or kernel parameters controlling tracepoint states are correctly set and managed. 6) Incorporate kernel update procedures into regular maintenance cycles, prioritizing systems with real-time or performance monitoring enabled. 7) Conduct thorough testing of kernel updates in staging environments to ensure stability before deployment. These steps go beyond generic advice by focusing on the specific tracing subsystem and the operational context of the vulnerability.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-12-29T08:45:45.756Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9832c4522896dcbe8610
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 6/30/2025, 8:39:58 AM
Last updated: 8/13/2025, 9:31:59 AM
Views: 11
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.