{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "1773572863c43a14a3e45f0591f28b7dec1ee52a"
            },
            {
              "fixed": "3a4ca365c51729143a2cab693cd40fe0bb585ef0"
            },
            {
              "fixed": "c195b9c6ab9c383d7aa3f4a65879b3ca90cb378b"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21840.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header\n\nThe intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY\nattribute to receive HFI events from kernel space, encounters a\nsegmentation fault after commit 1773572863c4 (\"thermal: netlink: Add the\ncommands and the events for the thresholds\").\n\nThe issue arises because the THERMAL_GENL_ATTR_CPU_CAPABILITY raw value\nwas changed while intel_lpmd still uses the old value.\n\nAlthough intel_lpmd can be updated to check the THERMAL_GENL_VERSION and\nuse the appropriate THERMAL_GENL_ATTR_CPU_CAPABILITY value, the commit\nitself is questionable.\n\nThe commit introduced a new element in the middle of enum thermal_genl_attr,\nwhich affects many existing attributes and introduces potential risks\nand unnecessary maintenance burdens for userspace thermal netlink event\nusers.\n\nSolve the issue by moving the newly introduced\nTHERMAL_GENL_ATTR_TZ_PREV_TEMP attribute to the end of the\nenum thermal_genl_attr. This ensures that all existing thermal generic\nnetlink attributes remain unaffected.\n\n[ rjw: Subject edits ]",
  "id": "CVE-2025-21840",
  "modified": "2026-04-01T23:10:07.414510162Z",
  "published": "2025-03-07T09:09:58.907Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3a4ca365c51729143a2cab693cd40fe0bb585ef0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c195b9c6ab9c383d7aa3f4a65879b3ca90cb378b"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21840.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21840"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.3",
  "summary": "thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header"
}