CVE-2025-21840

In the Linux kernel, the following vulnerability has been resolved:

thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header

The intel-lpmd tool [1], which uses the THERMALGENLATTRCPUCAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault after commit 1773572863c4 ("thermal: netlink: Add the commands and the events for the thresholds").

The issue arises because the THERMALGENLATTRCPUCAPABILITY raw value was changed while intel_lpmd still uses the old value.

Although intellpmd can be updated to check the THERMALGENLVERSION and use the appropriate THERMALGENLATTRCPU_CAPABILITY value, the commit itself is questionable.

The commit introduced a new element in the middle of enum thermalgenlattr, which affects many existing attributes and introduces potential risks and unnecessary maintenance burdens for userspace thermal netlink event users.

Solve the issue by moving the newly introduced THERMALGENLATTRTZPREVTEMP attribute to the end of the enum thermalgenl_attr. This ensures that all existing thermal generic netlink attributes remain unaffected.

[ rjw: Subject edits ]