We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-38031

padata: do not leak refcount in reorder_work



Description

In the Linux kernel, the following vulnerability has been resolved: padata: do not leak refcount in reorder_work A recent patch that addressed a UAF introduced a reference count leak: the parallel_data refcount is incremented unconditionally, regardless of the return value of queue_work(). If the work item is already queued, the incremented refcount is never decremented. Fix this by checking the return value of queue_work() and decrementing the refcount when necessary. Resolves: Unreferenced object 0xffff9d9f421e3d80 (size 192): comm "cryptomgr_probe", pid 157, jiffies 4294694003 hex dump (first 32 bytes): 80 8b cf 41 9f 9d ff ff b8 97 e0 89 ff ff ff ff ...A............ d0 97 e0 89 ff ff ff ff 19 00 00 00 1f 88 23 00 ..............#. backtrace (crc 838fb36): __kmalloc_cache_noprof+0x284/0x320 padata_alloc_pd+0x20/0x1e0 padata_alloc_shell+0x3b/0xa0 0xffffffffc040a54d cryptomgr_probe+0x43/0xc0 kthread+0xf6/0x1f0 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30

Reserved 2025-04-16 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status
unaffected

f4f1b1169fc3694f9bc3e28c6c68dbbf4cc744c0 before b9ad8e50e8589607e68e6c4cefa7f72bf35a2cb1
affected

4c6209efea2208597dbd3e52dc87a0d1a8f2dbe1 before 1a426abdf1c86882c9203dd8182f3b8274b89938
affected

7000507bb0d2ceb545c0a690e0c707c897d102c2 before cceb15864e1612ebfbc10ec4e4dcd19a10c0056c
affected

6f45ef616775b0ce7889b0f6077fc8d681ab30bc before 584a729615fa92f4de45480efb7e569d14be1516
affected

8ca38d0ca8c3d30dd18d311f1a7ec5cb56972cac before 5300e487487d7a2e3e1e6e9d8f03ed9452e4019e
affected

dd7d37ccf6b11f3d95e797ebe4e9e886d0332600 before 1c65ae4988714716101555fe2b9830e33136d6fb
affected

dd7d37ccf6b11f3d95e797ebe4e9e886d0332600 before d6ebcde6d4ecf34f8495fb30516645db3aea8993
affected

a54091c24220a4cd847d5b4f36d678edacddbaf0
affected

Default status
affected

6.14
affected

Any version before 6.14
unaffected

5.10.238
unaffected

5.15.185
unaffected

6.1.141
unaffected

6.6.93
unaffected

6.12.31
unaffected

6.14.9
unaffected

6.15
unaffected

References

git.kernel.org/...c/b9ad8e50e8589607e68e6c4cefa7f72bf35a2cb1

git.kernel.org/...c/1a426abdf1c86882c9203dd8182f3b8274b89938

git.kernel.org/...c/cceb15864e1612ebfbc10ec4e4dcd19a10c0056c

git.kernel.org/...c/584a729615fa92f4de45480efb7e569d14be1516

git.kernel.org/...c/5300e487487d7a2e3e1e6e9d8f03ed9452e4019e

git.kernel.org/...c/1c65ae4988714716101555fe2b9830e33136d6fb

git.kernel.org/...c/d6ebcde6d4ecf34f8495fb30516645db3aea8993

cve.org (CVE-2025-38031)

nvd.nist.gov (CVE-2025-38031)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-38031

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.