CVE-2025-40355

In the Linux kernel, the following vulnerability has been resolved:

sysfs: check visibility before changing group attribute ownership

Since commit 0c17270f9b92 ("net: sysfs: Implement isvisible for phys(portid, portname, switch_id)"), __devchangenetnamespace() can hit WARNON() when trying to change owner of a file that isn't visible. See the trace below:

WARNING: CPU: 6 PID: 2938 at net/core/dev.c:12410 __devchangenet_namespace+0xb89/0xc30 CPU: 6 UID: 0 PID: 2938 Comm: incusd Not tainted 6.17.1-1-mainline #1 PREEMPT(full) 4b783b4a638669fb644857f484487d17cb45ed1f Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.07 02/19/2025 RIP: 0010:__devchangenetnamespace+0xb89/0xc30 [...] Call Trace: <TASK> ? if6seqshow+0x30/0x50 dosetlink.isra.0+0xc7/0x1270 ? __nlavalidateparse+0x5c/0xcc0 ? securitycapable+0x94/0x1a0 rtnlnewlink+0x858/0xc20 ? updatecurr+0x8e/0x1c0 ? updateentitylag+0x71/0x80 ? schedbalancenewidle+0x358/0x450 ? psitask_switch+0x113/0x2a0 ? __pfxrtnlnewlink+0x10/0x10 rtnetlinkrcvmsg+0x346/0x3e0 ? sched_clock+0x10/0x30 ? __pfxrtnetlinkrcvmsg+0x10/0x10 netlinkrcvskb+0x59/0x110 netlinkunicast+0x285/0x3c0 ? __allocskb+0xdb/0x1a0 netlinksendmsg+0x20d/0x430 ____syssendmsg+0x39f/0x3d0 ? importiovec+0x2f/0x40 ___sys_sendmsg+0x99/0xe0 __syssendmsg+0x8a/0xf0 dosyscall_64+0x81/0x970 ? __sysbind+0xe3/0x110 ? syscallexitwork+0x143/0x1b0 ? dosyscall64+0x244/0x970 ? sockallocfile+0x63/0xc0 ? syscallexitwork+0x143/0x1b0 ? dosyscall64+0x244/0x970 ? allocfd+0x12e/0x190 ? putunusedfd+0x2a/0x70 ? dosysopenat2+0xa2/0xe0 ? syscallexitwork+0x143/0x1b0 ? dosyscall64+0x244/0x970 ? excpagefault+0x7e/0x1a0 entrySYSCALL64afterhwframe+0x76/0x7e [...] </TASK>

Fix this by checking is_visible() before trying to touch the attribute.