PT-2025-14592 · Linux+10 · Linux Kernel+10

Published

2025-04-03

·

Updated

2026-04-20

·

CVE-2025-21999

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A use-after-free (UAF) bug has been fixed in the Linux kernel, specifically in the proc get inode() function. The issue arises from a race condition between the removal of a module (rmmod) and the instantiation of an inode for a /proc/XXX entry. The problem occurs because pde->proc ops belongs to a module, not to /proc, and dereferencing it after the /proc entry has been registered is incorrect unless the use pde/unuse pde() pair has been used. To avoid this, information necessary for inode instantiation can be saved before proc register() in the PDE itself and used later, thus avoiding the dereference of pde->proc ops. This bug can trigger a UAF error when the module is already freed.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:9080
ALT-PU-2025-12647
ALT-PU-2025-5353
ALT-PU-2025-5786
AZL-59604
AZL-59651
BDU:2025-10273
CVE-2025-21999
DLA-4178-1
DLA-4193-1
DSA-5900-1
ECHO-60B8-C450-2285
INFSA-2025_9080
MGASA-2025-0142
MGASA-2025-0146
OESA-2025-1446
OESA-2025-1450
OESA-2025-1513
OESA-2025-1514
OESA-2025-1515
OPENSUSE-SU-2025_01614-1
OPENSUSE-SU-2025_01707-1
RHSA-2025:9080
RHSA-2025:9348
RHSA-2025_9080
RHSA-2026:19875
RHSA-2026:20593
RHSA-2026:21209
SUSE-SU-2025:01614-1
SUSE-SU-2025:01707-1
SUSE-SU-2025:01918-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01966-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01982-1
SUSE-SU-2025:01995-1
SUSE-SU-2025:02173-1
SUSE-SU-2025:02262-1
SUSE-SU-2025:03097-1
SUSE-SU-2025:03100-1
SUSE-SU-2025:03108-1
SUSE-SU-2025:03109-1
SUSE-SU-2025:03111-1
SUSE-SU-2025:03123-1
SUSE-SU-2025:03124-1
SUSE-SU-2025:03126-1
SUSE-SU-2025:03129-1
SUSE-SU-2025:03130-1
SUSE-SU-2025:03133-1
SUSE-SU-2025:03148-1
SUSE-SU-2025:03153-1
SUSE-SU-2025:03156-1
SUSE-SU-2025:03160-1
SUSE-SU-2025:03165-1
SUSE-SU-2025:03175-1
SUSE-SU-2025:03179-1
SUSE-SU-2025:03180-1
SUSE-SU-2025:03181-1
SUSE-SU-2025:03184-1
SUSE-SU-2025:03185-1
SUSE-SU-2025:03186-1
SUSE-SU-2025:03190-1
SUSE-SU-2025:03191-1
SUSE-SU-2025:03194-1
SUSE-SU-2025:03207-1
SUSE-SU-2025:03208-1
SUSE-SU-2025:03209-1
SUSE-SU-2025:03210-1
SUSE-SU-2025:03212-1
SUSE-SU-2025:03215-1
SUSE-SU-2025:03217-1
SUSE-SU-2025:03223-1
SUSE-SU-2025:03226-1
SUSE-SU-2025:03235-1
SUSE-SU-2025:20343-1
SUSE-SU-2025:20344-1
SUSE-SU-2025:20354-1
SUSE-SU-2025:20355-1
SUSE-SU-2025:20698-1
SUSE-SU-2025:20699-1
SUSE-SU-2025:20700-1
SUSE-SU-2025:20703-1
SUSE-SU-2025:20704-1
SUSE-SU-2025:20705-1
SUSE-SU-2025:20706-1
SUSE-SU-2025:20707-1
SUSE-SU-2025:20711-1
SUSE-SU-2025:20712-1
SUSE-SU-2025:20714-1
SUSE-SU-2025:20761-1
SUSE-SU-2025:20763-1
SUSE-SU-2025:20766-1
SUSE-SU-2025:20767-1
SUSE-SU-2025:20775-1
SUSE-SU-2025:20776-1
SUSE-SU-2025:20777-1
SUSE-SU-2025:20778-1
SUSE-SU-2025:20782-1
SUSE-SU-2025:2173-1
SUSE-SU-2025_01614-1
SUSE-SU-2025_01707-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01982-1
SUSE-SU-2025_02173-1
SUSE-SU-2025_02262-1
USN-7591-1
USN-7591-2
USN-7591-3
USN-7591-4
USN-7591-5
USN-7591-6
USN-7592-1
USN-7593-1
USN-7597-1
USN-7597-2
USN-7598-1
USN-7602-1
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1
USN-7655-1
USN-7764-1
USN-7764-2
USN-7765-1
USN-7766-1
USN-7767-1
USN-7767-2
USN-7779-1
USN-7790-1
USN-7800-1
USN-7801-1
USN-7801-2
USN-7801-3
USN-7802-1
USN-7809-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu