CVE-2025-21786

In the Linux kernel, the following vulnerability has been resolved:

workqueue: Put the pwq after detaching the rescuer from the pool

The commit 68f83057b913("workqueue: Reap workers via kthread_stop() and remove detach_completion") adds code to reap the normal workers but mistakenly does not handle the rescuer and also removes the code waiting for the rescuer in put_unbound_pool(), which caused a use-after-free bug reported by Cheung Wall.

To avoid the use-after-free bug, the pool’s reference must be held until the detachment is complete. Therefore, move the code that puts the pwq after detaching the rescuer from the pool.

Published: Feb 27, 2025
Updated: May 4, 2025
CVE: CVE-2025-21786
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.13	6.13.4
linux / linux_kernel	-	6.12.16

https://git.kernel.org/stable/c/835b69c868f53f959d4986bbecd561ba6f38e492
https://git.kernel.org/stable/c/e76946110137703c16423baf6ee177b751a34b7e
https://git.kernel.org/stable/c/e7c16028a424dd35be1064a68fa318be4359310f

Vulnerability Database

CVE-2025-21786