APPLIED[N/J]/Cmnt: [SRU][P/N/J][PATCH v5 0/2] CVE-2025-38584

Stefan Bader stefan.bader at canonical.com
Fri Oct 24 14:20:55 UTC 2025 

On 17/10/2025 16:55, Alice C. Munduruca wrote:
> v5 -> Fixed ordering of patches. (tooling bug that has been fixed)
> v4 -> Fixed tag added in previous series.
> v3 -> Added followup patch to remove irrelevant comment and added a CVE tag.
> v2 -> Reworked structure to match flat hierarchy standard.
> 
> [ Impact ]
> 
> Despite previous attempts to fix this bug, a UAF still occurs in certain
> situations within padata. In order to fix it for good, the previous queueing
> system is completely removed and logic is rewritten to be safe.
> 
> [ Fix ]
> 
> plucky: backported from upstream, writing over a minor change with `cpumask_next_wrap`.
> noble: redid backport from same provenance due to context changes.
> jammy: cleanly applied plucky fix.
> 
> [ Tests ]
> 
> Compile, boot, and stress-ng (cpu) tested.
> 
> [ Where problems could occur ]
> 
> Given that padata has had this UAF for a while, there is not really a risk of
> regression, so much as not having fixed the problem. The fact that changes to the
> original patch are minor minimizes this risk.
> 
> Herbert Xu (2):
>    padata: Fix pd UAF once and for all
>    padata: Remove comment for reorder_work
> 
>   include/linux/padata.h |   4 --
>   kernel/padata.c        | 132 ++++++++++++-----------------------------
>   2 files changed, 37 insertions(+), 99 deletions(-)
> 


Plucky could no longer be applied because it was included in an upstream 
stable set which has been included in the 2025.10.13 SRU cycle. Glancing 
the applied patch over it seems to match the submitted version. Applied 
to noble,jammy:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251024/b685f239/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251024/b685f239/attachment-0001.sig>

More information about the kernel-team mailing list