Use-After-Free Vulnerability in Linux Kernel Affecting Multiple Cryptographic Operations
CVE-2025-21726
Summary
A flaw in the Linux kernel's padata code can lead to a use-after-free while cryptographic requests are being processed. It arises in the handling of reorder_work during the processing of queued requests, and an attacker may be able to exploit the condition, potentially leading to arbitrary code execution. After an update, it is crucial to ensure that references are managed properly so that memory is not released too early. This vulnerability underscores the importance of keeping kernel versions up to date to mitigate risks associated with cryptographic operations.
Affected Version(s)
Linux bbefa1dd6a6d53537c11624752219e39959d04fb < 7000507bb0d2ceb545c0a690e0c707c897d102c2
Linux bbefa1dd6a6d53537c11624752219e39959d04fb < 6f45ef616775b0ce7889b0f6077fc8d681ab30bc
Linux bbefa1dd6a6d53537c11624752219e39959d04fb < 8ca38d0ca8c3d30dd18d311f1a7ec5cb56972cac