Acknowledged
Created: Jun 19, 2025
Updated: Jun 20, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]padata: do not leak refcount in reorder_work[EOL][EOL]A recent patch that addressed a UAF introduced a reference count leak:[EOL]the parallel_data refcount is incremented unconditionally, regardless[EOL]of the return value of queue_work(). If the work item is already queued,[EOL]the incremented refcount is never decremented.[EOL][EOL]Fix this by checking the return value of queue_work() and decrementing[EOL]the refcount when necessary.[EOL][EOL]Resolves:[EOL][EOL]Unreferenced object 0xffff9d9f421e3d80 (size 192):[EOL] comm "cryptomgr_probe", pid 157, jiffies 4294694003[EOL] hex dump (first 32 bytes):[EOL] 80 8b cf 41 9f 9d ff ff b8 97 e0 89 ff ff ff ff ...A............[EOL] d0 97 e0 89 ff ff ff ff 19 00 00 00 1f 88 23 00 ..............#.[EOL] backtrace (crc 838fb36):[EOL] __kmalloc_cache_noprof+0x284/0x320[EOL] padata_alloc_pd+0x20/0x1e0[EOL] padata_alloc_shell+0x3b/0xa0[EOL] 0xffffffffc040a54d[EOL] cryptomgr_probe+0x43/0xc0[EOL] kthread+0xf6/0x1f0[EOL] ret_from_fork+0x2f/0x50[EOL] ret_from_fork_asm+0x1a/0x30
CREATE(Triage):(User=lchen-cn) [CVE-2025-38031 (https://nvd.nist.gov/vuln/detail/CVE-2025-38031)
