CVE-2025-21726

In the Linux kernel, the following vulnerability has been resolved:

padata: avoid UAF for reorder_work

Although the previous patch can avoid ps and ps UAF for _do_serial, it can not avoid potential UAF issue for reorder_work. This issue can happen just as below:

crypto_request crypto_request crypto_del_alg padata_do_serial ... padata_reorder // processes all remaining // requests then breaks while (1) { if (!padata) break; ... }

			padata_do_serial
			  // new request added
			  list_add
// sees the new request
queue_work(reorder_work)
			  padata_reorder
			    queue_work_on(squeue-&gt;work)

...

			&lt;kworker context&gt;
			padata_serial_worker
			// completes new request,
			// no more outstanding
			// requests

						crypto_del_alg
						  // free pd

<kworker context> invoke_padata_reorder // UAF of pd

To avoid UAF for 'reorder_work', get 'pd' ref before put 'reorder_work' into the 'serial_wq' and put 'pd' ref until the 'serial_wq' finish.

Published: Feb 27, 2025
Updated: May 4, 2025
CVE: CVE-2025-21726
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.4.19	5.5
linux / linux_kernel	6.13	6.13.2
linux / linux_kernel	6.2	6.6.76
linux / linux_kernel	6.7	6.12.13
linux / linux_kernel	5.16	6.1.129
linux / linux_kernel	5.11	5.15.79
linux / linux_kernel	5.5.3	5.10.235

Vulnerability Database

CVE-2025-21726

Deep Security Visibility Without the Complexity