Main Vulnerability Database Vulnerabilities #VU104045

Security features bypass in Linux kernel - CVE-2025-1272

Published: February 18, 2025

Vulnerability identifier: #VU104045

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-1272

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to Secure Boot implementation does not automatically enable kernel lockdown. An attacker with physical access to the system can bypass implemented security restrictions.

How to mitigate CVE-2025-1272

Install updates from vendor's website.

Sources

https://bugzilla.redhat.com/show_bug.cgi?id=2333706
https://bugzilla.redhat.com/show_bug.cgi?id=2345700
https://bugzilla.redhat.com/show_bug.cgi?id=2345701

Security features bypass in Linux kernel - CVE-2025-1272

Detailed vulnerability description

How to mitigate CVE-2025-1272

Sources

Please verify you're human