Use-After-Free Vulnerability in Intel QAT Driver for Linux Kernel

CVE-2025-39721

What is CVE-2025-39721?

A vulnerability in the Intel QuickAssist Technology (QAT) driver for Linux kernel can lead to a crash due to a use-after-free condition. This issue emerges when the device-specific QAT driver is loaded and unloaded repeatedly in rapid succession, specifically in scenarios where power management interrupts occur just before driver unloading. The shared workqueue used by the driver can still contain pending work items, which could execute after memory has been freed, resulting in a page fault and potential kernel crash. To mitigate this risk, it is recommended to flush the misc workqueue during device shutdown to ensure all pending tasks are properly completed before unloading the driver.

References