CVE-2025-38031 Information

Jun 19, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

padata: do not leak refcount in reorder_work

A recent patch that addressed a UAF introduced a reference count leak: the parallel_data refcount is incremented unconditionally regardless of the return value of queue_work(). If the work item is already queued the incremented refcount is never decremented.

Fix this by checking the return value of queue_work() and decrementing the refcount when necessary.

Resolves:

Unreferenced object 0xffff9d9f421e3d80 (size 192): comm ## Reference https://git.kernel.org/stable/c/1a426abdf1c86882c9203dd8182f3b8274b89938 https://git.kernel.org/stable/c/1c65ae4988714716101555fe2b9830e33136d6fb https://git.kernel.org/stable/c/5300e487487d7a2e3e1e6e9d8f03ed9452e4019e https://git.kernel.org/stable/c/584a729615fa92f4de45480efb7e569d14be1516 https://git.kernel.org/stable/c/b9ad8e50e8589607e68e6c4cefa7f72bf35a2cb1 https://git.kernel.org/stable/c/cceb15864e1612ebfbc10ec4e4dcd19a10c0056c https://git.kernel.org/stable/c/d6ebcde6d4ecf34f8495fb30516645db3aea8993

CNNVD-202506-2167 (Published: 2025-06-18)

Share on: