NACK: [SRU][P/N/J][PATCH 0/2] CVE-2025-38584
Alessio Faina
alessio.faina at canonical.com
Tue Oct 7 08:48:16 UTC 2025
On Wed, Oct 01, 2025 at 11:03:11AM -0400, Alice C. Munduruca wrote:
> [ Impact ]
>
> Despite previous attempts to fix this bug, a UAF still occurs in certain
> situations within padata. In order to fix it for good, the previous queueing
> system is completely removed and logic is rewritten to be safe.
>
> [ Fix ]
>
> plucky: backported from upstream, writing over a minor change with `cpumask_next_wrap`.
> noble: redid backport from same provenance due to context changes.
> jammy: cleanly applied plucky fix.
>
> [ Tests ]
>
> Compile, boot, and stress-ng (cpu) tested.
>
> [ Where problems could occur ]
>
> Given that padata has had this UAF for a while, there is not really a risk of
> regression, so much as not having fixed the problem. The fact that changes to the
> original patch are minor minimizes this risk.
>
> Herbert Xu (1):
> padata: Fix pd UAF once and for all
>
> include/linux/padata.h | 3 -
> kernel/padata.c | 132 ++++++++++++-----------------------------
> 2 files changed, 37 insertions(+), 98 deletions(-)
>
> --
> 2.51.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
The format used to submit the patch does not follow the flat hierarchy
standard.
Please resubmit a v2 using the following structure:
[SRU][P/N/J][PATCH 0/1] CVE-2025-38584
[SRU][P/J][PATCH 1/1] padata: Fix pd UAF once and for all
[SRU][N][PATCH 1/1] padata: Fix pd UAF once and for all
- Alessio Faina
More information about the kernel-team
mailing list