CVE-2025-21786 Information

Mar 01, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

workqueue: Put the pwq after detaching the rescuer from the pool

The commit 68f83057b913(\workqueue: Reap workers via kthread_stop() and remove detach_completion) adds code to reap the normal workers but mistakenly does not handle the rescuer and also removes the code waiting for the rescuer in put_unbound_pool() which caused a use-after-free bug reported by Cheung Wall.

To avoid the use-after-free bug the pool’s reference must be held until the detachment is complete. Therefore move the code that puts the pwq after detaching the rescuer from the pool.

Reference

https://git.kernel.org/stable/c/835b69c868f53f959d4986bbecd561ba6f38e492 https://git.kernel.org/stable/c/e76946110137703c16423baf6ee177b751a34b7e https://git.kernel.org/stable/c/e7c16028a424dd35be1064a68fa318be4359310f

Share on: