Guillaume

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free issue exists in the kthread component. When a kthread exits via `make task dead()`, it bypasses `kthread exit()`, causing the `affinity node` cleanup to be missed. Consequently, `free kthread struct()` frees the memory while the node remains linked in the global `kthread affinity list`. A subsequent `list del()` operation by another kthread can then write through dangling pointers into the freed and reused memory, leading to the corruption of the `pid`'s `rcu.func` pointer. **Recommendations** Consolidate all kthread exit paths by implementing `kthread exit()` as a macro that calls `do exit()` and introducing `kthread do exit()`, which is called from `do exit()` for any task with `PF KTHREAD` set to ensure kthread-specific cleanup always occurs.