CVE-2025-22069: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-22069 is a vulnerability discovered in the Linux kernel, specifically affecting the RISC-V architecture's ftrace functionality. The vulnerability was disclosed on April 16, 2025, and involves a stack layout mismatch in the ftracereturntohandler function. The issue was initially reported by Naresh Kamboju while running LTP trace ftracestress_test.sh on RISC-V systems (NVD).

The vulnerability stems from a misalignment between the stack layout for constructing arguments in the ftracereturntohandler function and the _archftraceregs structure of RISC-V. According to Red Hat's assessment, this vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability (Red Hat).

The vulnerability results in a 'Bad frame pointer' kernel warning and can lead to unexpected system behavior. When triggered, it causes the system to display kernel warnings with mismatched frame pointer values, potentially affecting system stability and functionality (Debian).

The issue has been fixed in various Linux distributions. Debian has marked the vulnerability as fixed in bullseye (5.10.234-1) and bookworm (6.1.133-1) releases, while it remains vulnerable in trixie and sid versions. Red Hat Enterprise Linux versions 6, 7, 8, and 9 are not affected by this vulnerability (Debian, Red Hat).