CVE-2025-38031
Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

padata: do not leak refcount in reorder_work

A recent patch that addressed a UAF introduced a reference count leak: the parallel_data refcount is incremented unconditionally, regardless of the return value of queue_work(). If the work item is already queued, the incremented refcount is never decremented.

Fix this by checking the return value of queue_work() and decrementing the refcount when necessary.

Resolves:

Unreferenced object 0xffff9d9f421e3d80 (size 192):
  comm "cryptomgr_probe", pid 157, jiffies 4294694003
  hex dump (first 32 bytes):
    80 8b cf 41 9f 9d ff ff b8 97 e0 89 ff ff ff ff  ...A............
    d0 97 e0 89 ff ff ff ff 19 00 00 00 1f 88 23 00  ..............#.
  backtrace (crc 838fb36):
    __kmalloc_cache_noprof+0x284/0x320
    padata_alloc_pd+0x20/0x1e0
    padata_alloc_shell+0x3b/0xa0
    0xffffffffc040a54d
    cryptomgr_probe+0x43/0xc0
    kthread+0xf6/0x1f0
    ret_from_fork+0x2f/0x50
    ret_from_fork_asm+0x1a/0x30
Meta Information
Published: 2025-06-18
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-06-18
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 14 associated CPEs
Vendor | Product | Version / Range
linux | linux_kernel | From 5.10.235 (inc) to 5.10.238 (exc)
linux | linux_kernel | From 5.15.179 (inc) to 5.15.185 (exc)
linux | linux_kernel | From 6.1.129 (inc) to 6.1.141 (exc)
linux | linux_kernel | From 6.6.76 (inc) to 6.6.93 (exc)
linux | linux_kernel | From 6.12.13 (inc) to 6.12.31 (exc)
linux | linux_kernel | From 6.13.2 (inc) to 6.14.9 (exc)
linux | linux_kernel | 6.15
linux | linux_kernel | 6.15
linux | linux_kernel | 6.15
linux | linux_kernel | 6.15
linux | linux_kernel | 6.15
linux | linux_kernel | 6.15
linux | linux_kernel | 6.15
debian | debian_linux | 11.0
CWE
CWE ID Description
CWE-NVD-CWE-Other
AI Powered Q&A
How can this vulnerability impact me?

This vulnerability can lead to a reference count leak in the Linux kernel, which may cause resource leakage and potentially degrade system stability or performance over time. It could also increase the risk of memory exhaustion or other unintended side effects related to improper resource management in the kernel.


Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's padata subsystem. A recent patch intended to fix a use-after-free (UAF) issue introduced a reference count leak. Specifically, the parallel_data reference count is incremented unconditionally when queue_work() is called, regardless of whether the work item is actually queued. If the work item is already queued, the incremented reference count is never decremented, causing a leak. The fix involves checking the return value of queue_work() and decrementing the reference count if necessary.
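The leak pattern described above, shown beside the corrected form as an added example: this is a simplified user-space model, not the kernel's padata code. All names (pd_model, model_queue_work, schedule_reorder_leaky, schedule_reorder_fixed, leaked_refs) are hypothetical, and the model assumes the queued work drops one reference when it runs.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model of the pattern; names are illustrative, not kernel code. */
struct pd_model { int refcnt; bool work_pending; };

/* Mirrors queue_work()'s contract: false if the item was already queued. */
static bool model_queue_work(struct pd_model *pd)
{
    bool was_pending = pd->work_pending;
    pd->work_pending = true;
    return !was_pending;
}

/* Leaky pattern: a reference is taken even when nothing new was queued. */
static void schedule_reorder_leaky(struct pd_model *pd)
{
    pd->refcnt++;
    (void)model_queue_work(pd);
}

/* Fixed pattern: hand the reference back if the work was already queued. */
static void schedule_reorder_fixed(struct pd_model *pd)
{
    pd->refcnt++;
    if (!model_queue_work(pd))
        pd->refcnt--;
}

/* Schedule `calls` (>= 1) times before the worker runs; return refs left over. */
static int leaked_refs(void (*schedule)(struct pd_model *), int calls)
{
    struct pd_model pd = { .refcnt = 1, .work_pending = false };
    for (int i = 0; i < calls; i++)
        schedule(&pd);
    pd.work_pending = false;  /* the queued work runs exactly once ... */
    pd.refcnt--;              /* ... and drops the one reference it owns (assumed) */
    return pd.refcnt - 1;     /* 0 means every taken reference was released */
}

int main(void)
{
    printf("leaky: %d leaked\n", leaked_refs(schedule_reorder_leaky, 3));
    printf("fixed: %d leaked\n", leaked_refs(schedule_reorder_fixed, 3));
    return 0;
}
```

In the model, each scheduling attempt that finds the work already pending leaves one reference behind in the leaky variant, so the object can never reach a zero count and be freed.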


What immediate steps should I take to mitigate this vulnerability?

Apply the patch that fixes the reference count leak in the Linux kernel's padata subsystem by ensuring the return value of queue_work() is checked and the refcount is decremented when necessary. This update resolves the issue of the parallel_data refcount being incremented unconditionally, preventing the leak.

