{"uuid": "c82c8754-81ff-4af2-9109-c24906265d82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21840", "type": "seen", "source": "https://t.me/cvedetector/19806", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21840 - Intel LPMD Thermal Netlink Integer Underflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21840 \nPublished : March 7, 2025, 9:15 a.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nthermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header \n \nThe intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY \nattribute to receive HFI events from kernel space, encounters a \nsegmentation fault after commit 1773572863c4 (\"thermal: netlink: Add the \ncommands and the events for the thresholds\"). \n \nThe issue arises because the THERMAL_GENL_ATTR_CPU_CAPABILITY raw value \nwas changed while intel_lpmd still uses the old value. \n \nAlthough intel_lpmd can be updated to check the THERMAL_GENL_VERSION and \nuse the appropriate THERMAL_GENL_ATTR_CPU_CAPABILITY value, the commit \nitself is questionable. \n \nThe commit introduced a new element in the middle of enum thermal_genl_attr, \nwhich affects many existing attributes and introduces potential risks \nand unnecessary maintenance burdens for userspace thermal netlink event \nusers. \n \nSolve the issue by moving the newly introduced \nTHERMAL_GENL_ATTR_TZ_PREV_TEMP attribute to the end of the \nenum thermal_genl_attr. This ensures that all existing thermal generic \nnetlink attributes remain unaffected. \n \n[ rjw: Subject edits ] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T12:25:45.000000Z"}