PT-2025-8898 · Linux+8 · Linux Kernel+8

Cheung Wall · Published 2025-01-13 · Updated 2026-04-20 · CVE-2025-21786

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free bug was reported in the workqueue subsystem of the Linux kernel. It stems from a commit that reaps normal workers but does not handle the rescuer: the pwq is put before the rescuer is detached from the pool, so the pool's reference is not held until the detachment is complete, which results in a use-after-free. The bug was reported by Cheung Wall.

Recommendations

To resolve the issue, the code that puts the pwq should be moved after the rescuer is detached from the pool, so that the pool's reference is held until the detachment is complete. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:20095
ALSA-2025:20518
ALT-PU-2025-12647
AZL-58887
AZL-58922
BDU:2025-04525
CVE-2025-21786
INFSA-2025_20518
RHSA-2025:20095
RHSA-2025:20518
RHSA-2025_20518
RHSA-2026:2352
USN-7521-1
USN-7521-2
USN-7521-3
USN-7703-1
USN-7703-2
USN-7703-3
USN-7703-4
USN-7719-1
USN-7737-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Ubuntu