Acknowledged
Created: Sep 7, 2025
Updated: Sep 8, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - flush misc workqueue during device shutdown

Repeated loading and unloading of a device specific QAT driver, for
example qat_4xxx, in a tight loop can lead to a crash due to a
use-after-free scenario. This occurs when a power management (PM)
interrupt triggers just before the device-specific driver (e.g.,
qat_4xxx.ko) is unloaded, while the core driver (intel_qat.ko) remains
loaded.

Since the driver uses a shared workqueue (`qat_misc_wq`) across all
devices and owned by intel_qat.ko, a deferred routine from the
device-specific driver may still be pending in the queue. If this
routine executes after the driver is unloaded, it can dereference freed
memory, resulting in a page fault and kernel crash like the following:

 BUG: unable to handle page fault for address: ffa000002e50a01c
 #PF: supervisor read access in kernel mode
 RIP: 0010:pm_bh_handler+0x1d2/0x250 [intel_qat]
 Call Trace:
 pm_bh_handler+0x1d2/0x250 [intel_qat]
 process_one_work+0x171/0x340
 worker_thread+0x277/0x3a0
 kthread+0xf0/0x120
 ret_from_fork+0x2d/0x50

To prevent this, flush the misc workqueue during device shutdown to
ensure that all pending work items are completed before the driver is
unloaded.

Note: This approach may slightly increase shutdown latency if the
workqueue contains jobs from other devices, but it ensures correctness
and stability.
CVE: CVE-2025-39721 (https://nvd.nist.gov/vuln/detail/CVE-2025-39721)
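The teardown ordering described above, modelled in userspace C as an added example (it is not the kernel patch and not code from this record). It shows that freeing a device while its work item is still in the shared queue leaves a dangling pointer, and that flushing first removes it while also running other devices' pending jobs. `struct dev`, `queue_pm_work`, `flush_misc_wq` and `dev_shutdown` are hypothetical names; stale items are dropped rather than executed so the model never touches freed memory.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed userspace model: one queue shared by all devices (like qat_misc_wq). */
struct dev { int pm_handled; };
struct work { void (*fn)(struct dev *); struct dev *ctx; };
static struct work wq[8];
static size_t wq_len;
static int total_handled;   /* outlives the devices, so it is safe to inspect */
static void pm_bh_model(struct dev *d) { d->pm_handled++; total_handled++; }

static bool queue_pm_work(struct dev *d)
{
    if (wq_len == sizeof(wq) / sizeof(wq[0]))
        return false;
    wq[wq_len++] = (struct work){ pm_bh_model, d };
    return true;
}

/* Run every pending item, whichever device queued it; return how many ran. */
static size_t flush_misc_wq(void)
{
    size_t ran = wq_len;
    for (size_t i = 0; i < wq_len; i++)
        wq[i].fn(wq[i].ctx);
    wq_len = 0;
    return ran;
}

/* Free d; return how many queued items still pointed at it (each a latent UAF). */
static size_t dev_shutdown(struct dev *d, bool flush_first)
{
    size_t stale = 0, keep = 0;
    if (flush_first)
        flush_misc_wq();
    for (size_t i = 0; i < wq_len; i++)
        if (wq[i].ctx == d)
            stale++;            /* model only: dropped, never run */
        else
            wq[keep++] = wq[i];
    wq_len = keep;
    free(d);
    return stale;
}

int main(void)
{
    struct dev *a = calloc(1, sizeof(*a));
    return (a && queue_pm_work(a) && dev_shutdown(a, true) == 0) ? 0 : 1;
}
```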