[SRU][P/N/J][PATCH v4 0/2] CVE-2025-38584
Alice C. Munduruca
alice.munduruca at canonical.com
Tue Oct 14 14:26:28 UTC 2025

v4 -> Fixed tag added in previous series.
v3 -> Added followup patch to remove irrelevant comment and added a CVE tag.
v2 -> Reworked structure to match flat hierarchy standard.

[ Impact ]
Despite previous attempts to fix this bug, a UAF still occurs in certain
situations within padata. In order to fix it for good, the previous queueing
system is completely removed and logic is rewritten to be safe.

[ Fix ]
plucky: backported from upstream, writing over a minor change with `cpumask_next_wrap`.
noble: redid backport from same provenance due to context changes.
jammy: cleanly applied plucky fix.

[ Tests ]
Compile, boot, and stress-ng (cpu) tested.

[ Where problems could occur ]
Given that padata has had this UAF for a while, there is not really a risk of
regression, so much as not having fixed the problem. The fact that changes to the
original patch are minor minimizes this risk.

Herbert Xu (2):
  padata: Fix pd UAF once and for all
  padata: Remove comment for reorder_work

 include/linux/padata.h |   4 --
 kernel/padata.c        | 132 ++++++++++++-----------------------------
 2 files changed, 37 insertions(+), 99 deletions(-)
--
2.51.0