UBUNTU-CVE-2025-21893
Vulnerability Summary
Description
In the Linux kernel, the following vulnerability has been resolved:

keys: Fix UAF in key_put()

Once a key's reference count has been reduced to 0, the garbage collector thread may destroy it at any time and so key_put() is not allowed to touch the key after that point. The most key_put() is normally allowed to do is to touch key_gc_work as that's a static global variable.

However, in an effort to speed up the reclamation of quota, this is now done in key_put() once the key's usage is reduced to 0 - but now the code is looking at the key after the deadline, which is forbidden.

Fix this by using a flag to indicate that a key can be gc'd now rather than looking at the key's refcount in the garbage collector.
CVSS Metrics
- v3.1 • HIGH • Score: 7.8 • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- ubuntu • linux-allwinner-5.19: all
- ubuntu • linux-aws-5.0: all
- ubuntu • linux-aws-5.11: all
- ubuntu • linux-aws-5.13: all
- ubuntu • linux-aws-5.19: all
- ubuntu • linux-aws-5.3: all
- ubuntu • linux-aws-5.8: all
- ubuntu • linux-aws-6.2: all
- ubuntu • linux-aws-6.5: all
- ubuntu • linux-azure: all
- ubuntu • linux-azure-5.11: all
- ubuntu • linux-azure-5.13: all
- ubuntu • linux-azure-5.19: all
- ubuntu • linux-azure-5.3: all
- ubuntu • linux-azure-5.8: all
- ubuntu • linux-azure-6.11: < 6.11.0-1018.18~24.04.1
- ubuntu • linux-azure-6.2: all
- ubuntu • linux-azure-6.5: all
- ubuntu • linux-azure-edge: all
- ubuntu • linux-azure-fde: all
- ubuntu • linux-azure-fde-5.19: all
- ubuntu • linux-azure-fde-6.2: all
- ubuntu • linux-gcp: all
- ubuntu • linux-gcp-5.11: all
- ubuntu • linux-gcp-5.13: all
- ubuntu • linux-gcp-5.19: all
- ubuntu • linux-gcp-5.3: all
- ubuntu • linux-gcp-5.8: all
- ubuntu • linux-gcp-6.11: < 6.11.0-1016.16~24.04.1
- ubuntu • linux-gcp-6.2: all
- ubuntu • linux-gcp-6.5: all
- ubuntu • linux-gke: all
- ubuntu • linux-gke-4.15: all
- ubuntu • linux-gke-5.15: all
- ubuntu • linux-gke-5.4: all
- ubuntu • linux-gkeop: all
- ubuntu • linux-gkeop-5.15: all
- ubuntu • linux-gkeop-5.4: all
- ubuntu • linux-hwe: all
- ubuntu • linux-hwe-5.11: all
- ubuntu • linux-hwe-5.13: all
- ubuntu • linux-hwe-5.19: all
- ubuntu • linux-hwe-5.8: all
- ubuntu • linux-hwe-6.11: < 6.11.0-28.28~24.04.1
- ubuntu • linux-hwe-6.2: all
- ubuntu • linux-hwe-6.5: all
- ubuntu • linux-hwe-edge: all | all
- ubuntu • linux-intel-5.13: all
- ubuntu • linux-intel-iot-realtime: all
- ubuntu • linux-lowlatency-hwe-5.19: all
Showing first 50 affected entries in server-rendered view.
References (10)
- https://ubuntu.com/security/CVE-2025-21893
- https://www.cve.org/CVERecord?id=CVE-2025-21893
- https://git.kernel.org/linus/75845c6c1a64483e9985302793dbf0dfa5f71e32
- https://git.kernel.org/stable/c/6afe2ea2daec156bd94ad2c5a6f4f4c48240dcd3
- https://git.kernel.org/stable/c/75845c6c1a64483e9985302793dbf0dfa5f71e32
- https://git.kernel.org/stable/c/f6a3cf833188e897c97028cd7b926e3f2cb1a8c0
- https://ubuntu.com/security/notices/USN-7605-1
- https://ubuntu.com/security/notices/USN-7606-1
- https://ubuntu.com/security/notices/USN-7605-2
- https://ubuntu.com/security/notices/USN-7628-1