CVE-2025-38584

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel contains a race condition/use-after-free (UAF) issue in padata reorder. This occurs because a reference count is taken at the start of padata do parallel and released at the end of padata serial worker. The reference count is required for padata replace to function correctly. Once padata is added to queue->serial.list and the associated spin lock is released, the padata may be processed, and the reference count on pd may be released. The issue is fixed by getting the next padata before the squeue->serial lock is released and simplifying padata reorder to call it only once the next padata arrives.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.