Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-1272

Summary
Assigner-fedora
Assigner Org ID-92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5
Published At-18 Feb, 2026 | 20:29
Updated At-18 Feb, 2026 | 20:44
Rejected At-
Credits

Kernel: secure boot does not automatically enable kernel lockdown

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:fedora
Assigner Org ID:92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5
Published At:18 Feb, 2026 | 20:29
Updated At:18 Feb, 2026 | 20:44
Rejected At:
▼CVE Numbering Authority (CNA)
Kernel: secure boot does not automatically enable kernel lockdown

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.

Affected Products
Vendor
Fedora Project
Product
Fedora Linux
Collection URL
https://packages.fedoraproject.org/pkgs/kernel/kernel/
Package Name
kernel
Default Status
unaffected
Versions
Affected
  • From 6.12.4-100.fc40 before 6.12.15-100.fc40 (rpm)
  • From 6.12.1-200.fc41 before 6.12.15-200.fc41 (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/o:redhat:enterprise_linux:9::baseos
  • cpe:/a:redhat:enterprise_linux:9::realtime
  • cpe:/a:redhat:enterprise_linux:9::crb
  • cpe:/a:redhat:enterprise_linux:9::nfv
Default Status
affected
Versions
Unaffected
  • From 0:5.14.0-570.12.1.el9_6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/o:redhat:enterprise_linux:9::baseos
  • cpe:/a:redhat:enterprise_linux:9::realtime
  • cpe:/a:redhat:enterprise_linux:9::crb
  • cpe:/a:redhat:enterprise_linux:9::nfv
Default Status
affected
Versions
Unaffected
  • From 0:5.14.0-570.12.1.el9_6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel-rt
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel-rt
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kernel-rt
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhcos
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Red Hat would like to thank Nicolas Bouchinet (ANSSI – French Cybersecurity Agency) for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2025-02-13 18:20:02
Made public.2025-02-13 00:00:00
Event: Reported to Red Hat.
Date: 2025-02-13 18:20:02
Event: Made public.
Date: 2025-02-13 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2025:6966
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-1272
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2345615
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:6966
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-1272
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2345615
Resource:
issue-tracking
x_refsource_REDHAT
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:patrick@puiterwijk.org
Published At:18 Feb, 2026 | 21:16
Updated At:18 Feb, 2026 | 21:16

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.7HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
CPE Matches
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2025:6966patrick@puiterwijk.org
N/A
https://access.redhat.com/security/cve/CVE-2025-1272patrick@puiterwijk.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2345615patrick@puiterwijk.org
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:6966
Source: patrick@puiterwijk.org
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-1272
Source: patrick@puiterwijk.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2345615
Source: patrick@puiterwijk.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found