NACK: [SRU][P/N/J][PATCH 0/2] CVE-2025-38584

Alice C. Munduruca alice.munduruca at canonical.com
Tue Oct 7 21:01:40 UTC 2025


Submitting a v2, thanks for catching this!

  - Alice C. Munduruca

On 10/7/25 04:48, Alessio Faina wrote:
> On Wed, Oct 01, 2025 at 11:03:11AM -0400, Alice C. Munduruca wrote:
>> [ Impact ]
>>
>> Despite previous attempts to fix this bug, a UAF still occurs in certain
>> situations within padata. In order to fix it for good, the previous queueing
>> system is completely removed and logic is rewritten to be safe.
>>
>> [ Fix ]
>>
>> plucky: backported from upstream, writing over a minor change with `cpumask_next_wrap`.
>> noble: redid backport from same provenance due to context changes.
>> jammy: cleanly applied plucky fix.
>>
>> [ Tests ]
>>
>> Compile, boot, and stress-ng (cpu) tested.
>>
>> [ Where problems could occur ]
>>
>> Given that padata has had this UAF for a while, there is not really a risk of
>> regression, so much as not having fixed the problem. The fact that changes to the
>> original patch are minor minimizes this risk.
>>
>> Herbert Xu (1):
>>    padata: Fix pd UAF once and for all
>>
>>   include/linux/padata.h |   3 -
>>   kernel/padata.c        | 132 ++++++++++++-----------------------------
>>   2 files changed, 37 insertions(+), 98 deletions(-)
>>
>> -- 
>> 2.51.0
>>
> The format used to submit the patch does not follow the flat hierarchy
> standard.
> Please resubmit a v2 using the following structure:
>
> [SRU][P/N/J][PATCH 0/1] CVE-2025-38584
>       [SRU][P/J][PATCH 1/1] padata: Fix pd UAF once and for all
>       [SRU][N][PATCH 1/1] padata: Fix pd UAF once and for all
>
> - Alessio Faina


