Description

In the Linux kernel, the following vulnerability has been resolved: workqueue: Put the pwq after detaching the rescuer from the pool The commit 68f83057b913("workqueue: Reap workers via kthread_stop() and remove detach_completion") adds code to reap the normal workers but mistakenly does not handle the rescuer and also removes the code waiting for the rescuer in put_unbound_pool(), which caused a use-after-free bug reported by Cheung Wall. To avoid the use-after-free bug, the pool’s reference must be held until the detachment is complete. Therefore, move the code that puts the pwq after detaching the rescuer from the pool.

INFO

Published Date :

2025-02-27T02:18:26.406Z

Last Modified :

2025-05-04T07:21:13.261Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21786 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21786.

URL Resource
https://git.kernel.org/stable/c/835b69c868f53f959d4986bbecd561ba6f38e492 cve-icon cve-icon
https://git.kernel.org/stable/c/e76946110137703c16423baf6ee177b751a34b7e cve-icon cve-icon
https://git.kernel.org/stable/c/e7c16028a424dd35be1064a68fa318be4359310f cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022608-CVE-2025-21786-f31d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21786 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21786 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact