UBUNTU-CVE-2025-21726

Description

In the Linux kernel, the following vulnerability has been resolved: padata: avoid UAF for reorder_work Although the previous patch can avoid ps and ps UAF for _do_serial, it can not avoid potential UAF issue for reorder_work. This issue can happen just as below: crypto_request crypto_request crypto_del_alg padata_do_serial ... padata_reorder // processes all remaining // requests then breaks while (1) { if (!padata) break; ... } padata_do_serial // new request added list_add // sees the new request queue_work(reorder_work) padata_reorder queue_work_on(squeue->work) ... <kworker context> padata_serial_worker // completes new request, // no more outstanding // requests crypto_del_alg // free pd <kworker context> invoke_padata_reorder // UAF of pd To avoid UAF for 'reorder_work', get 'pd' ref before put 'reorder_work' into the 'serial_wq' and put 'pd' ref until the 'serial_wq' finish.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• ubuntu•linux

  < 5.4.0-225.245 | < 5.15.0-140.150 | < 6.8.0-64.67

• ubuntu•linux-allwinner-5.19

  all

• ubuntu•linux-aws

  < 5.4.0-1154.164 | < 5.15.0-1084.91 | < 6.8.0-1032.34

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1084.91~20.04.1

• ubuntu•linux-aws-5.19

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1154.164~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  all

• ubuntu•linux-aws-6.5

  all

• ubuntu•linux-aws-6.8

  < 6.8.0-1032.34~22.04.1

• ubuntu•linux-aws-fips

  < 5.4.0-1154.164+fips1 | all | < 5.15.0-1084.91+fips1

• ubuntu•linux-azure

  all | all | < 5.4.0-1157.164 | < 5.15.0-1089.98 | < 6.8.0-1034.39

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1089.98~20.04.1

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  all | < 5.4.0-1157.164~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-6.11

  < 6.11.0-1015.15~24.04.1

• ubuntu•linux-azure-6.2

  all

• ubuntu•linux-azure-6.5

  all

• ubuntu•linux-azure-6.8

  < 6.8.0-1034.39~22.04.1

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all | all

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fde-6.2

  all

• ubuntu•linux-azure-fips

  < 5.4.0-1158.165+fips1 | all | < 5.15.0-1089.98+fips1

• ubuntu•linux-azure-nvidia

  < 6.8.0-1022.23

• ubuntu•linux-bluefield

  < 5.15.0-1066.68 | all | < 5.4.0-1116.123 | < 5.15.0-1066.68 | all

• ubuntu•linux-fips

  < 5.4.0-1128.138 | all | < 5.15.0-140.150+fips1 | < 6.8.0-78.78+fips1

• ubuntu•linux-gcp

  all | < 5.4.0-1157.166 | < 5.15.0-1083.92 | < 6.8.0-1033.35

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1083.92~20.04.1

• ubuntu•linux-gcp-5.19

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1157.166~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.11

  < 6.11.0-1015.15~24.04.1

• ubuntu•linux-gcp-6.2

  all

• ubuntu•linux-gcp-6.5

  all

• ubuntu•linux-gcp-6.8

  < 6.8.0-1033.35~22.04.1

• ubuntu•linux-gcp-fips

  < 5.4.0-1157.166+fips1 | all | < 5.15.0-1083.92+fips1

• ubuntu•linux-gke

  all | < 5.15.0-1081.87 | < 6.8.0-1028.32

• ubuntu•linux-gke-4.15

  all

Showing first 50 affected entries in server-rendered view.

References (41)

• https://ubuntu.com/security/CVE-2025-21726
• https://www.cve.org/CVERecord?id=CVE-2025-21726
• https://git.kernel.org/linus/dd7d37ccf6b11f3d95e797ebe4e9e886d0332600
• https://git.kernel.org/stable/c/6f45ef616775b0ce7889b0f6077fc8d681ab30bc
• https://git.kernel.org/stable/c/7000507bb0d2ceb545c0a690e0c707c897d102c2
• https://git.kernel.org/stable/c/8ca38d0ca8c3d30dd18d311f1a7ec5cb56972cac
• https://git.kernel.org/stable/c/a54091c24220a4cd847d5b4f36d678edacddbaf0
• https://git.kernel.org/stable/c/dd7d37ccf6b11f3d95e797ebe4e9e886d0332600
• https://ubuntu.com/security/notices/USN-7510-1
• https://ubuntu.com/security/notices/USN-7510-2
• https://ubuntu.com/security/notices/USN-7511-1
• https://ubuntu.com/security/notices/USN-7511-2
• https://ubuntu.com/security/notices/USN-7512-1
• https://ubuntu.com/security/notices/USN-7521-1
• https://ubuntu.com/security/notices/USN-7510-3
• https://ubuntu.com/security/notices/USN-7510-4
• https://ubuntu.com/security/notices/USN-7510-5
• https://ubuntu.com/security/notices/USN-7511-3
• https://ubuntu.com/security/notices/USN-7521-2
• https://ubuntu.com/security/notices/USN-7510-6
• https://ubuntu.com/security/notices/USN-7521-3
• https://ubuntu.com/security/notices/USN-7510-7
• https://ubuntu.com/security/notices/USN-7510-8
• https://ubuntu.com/security/notices/USN-7593-1
• https://ubuntu.com/security/notices/USN-7602-1
• https://ubuntu.com/security/notices/USN-7651-1
• https://ubuntu.com/security/notices/USN-7652-1
• https://ubuntu.com/security/notices/USN-7653-1
• https://ubuntu.com/security/notices/USN-7651-2
• https://ubuntu.com/security/notices/USN-7651-3
• https://ubuntu.com/security/notices/USN-7651-4
• https://ubuntu.com/security/notices/USN-7651-5
• https://ubuntu.com/security/notices/USN-7651-6
• https://ubuntu.com/security/notices/USN-7737-1
• https://ubuntu.com/security/notices/USN-7990-1
• https://ubuntu.com/security/notices/USN-7990-2
• https://ubuntu.com/security/notices/USN-7990-3
• https://ubuntu.com/security/notices/USN-7990-4
• https://ubuntu.com/security/notices/USN-7990-5
• https://ubuntu.com/security/notices/USN-7990-6
• https://ubuntu.com/security/notices/USN-8224-1