CVE-2025-21726

HIGH

Linux Kernel - Use-After-Free in padata Reorder Work

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

padata: avoid UAF for reorder_work

Although the previous patch can avoid ps and ps UAF for _do_serial, it can not avoid potential UAF issue for reorder_work. This issue can happen just as below:

    crypto_request                  crypto_request                  crypto_del_alg
    padata_do_serial
      ...
      padata_reorder
        // processes all remaining
        // requests then breaks
        while (1) {
          if (!padata)
            break;
          ...
        }

                                    padata_do_serial
                                      // new request added
                                      list_add
        // sees the new request
        queue_work(reorder_work)
                                      padata_reorder
                                        queue_work_on(squeue->work)
    ...

                                    <kworker context>
                                    padata_serial_worker
                                    // completes new request,
                                    // no more outstanding
                                    // requests

                                                                    crypto_del_alg
                                                                      // free pd

    <kworker context>
    invoke_padata_reorder
      // UAF of pd

To avoid UAF for 'reorder_work', get 'pd' ref before put 'reorder_work' into the 'serial_wq' and put 'pd' ref until the 'serial_wq' finish.

Scores

CVSS v3 7.8
EPSS 0.0021
EPSS Percentile 10.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (27)
linux/Kernel 5.11.0 - 5.15.179
linux/Kernel 5.16.0 - 6.1.129
linux/Kernel 5.6.0 - 5.10.235
linux/Kernel 6.13.0 - 6.13.2
linux/Kernel 6.2.0 - 6.6.76
linux/Kernel 6.7.0 - 6.12.13
Linux/Linux < 5.6
Linux/Linux 5.10.235 - 5.10.*
Linux/Linux 5.15.179 - 5.15.*
Linux/Linux 5.4.19 - 5.5
... and 17 more
Published Feb 27, 2025
Tracked Since Feb 18, 2026