Updated: 2026-02-27 03:03:21.382318
Description:
In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padata_reorder that goes back to the initial commit. A reference count is taken at the start of the process in padata_do_parallel, and released at the end in padata_serial_worker. This reference count is (and only is) required for padata_replace to function correctly. If padata_replace is never called then there is no issue. In the function padata_reorder which serves as the core of padata, as soon as padata is added to queue->serial.list, and the associated spin lock released, that padata may be processed and the reference count on pd would go away. Fix this by getting the next padata before the squeue->serial lock is released. In order to make this possible, simplify padata_reorder by only calling it once the next padata arrives.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1765463110 | 2025-12-11 15:28:38 | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1766617167 | 2026-01-12 18:23:30 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Needs Triage | 2025-11-30 10:22:20 | ||
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Needs Triage | 2025-11-30 10:22:19 | ||
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Needs Triage | 2025-11-30 10:22:25 | ||
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Ignored | 2025-12-27 04:54:32 | CloudLinux 6 and 7 support is limited and provided on demand. We strongly recommend upgrading to Clo... | |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1766599987 | 2025-12-25 14:45:06 | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.8 | HIGH | Needs Triage | 2025-11-30 08:54:02 | ||
| RHEL 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1766600619 | 2025-12-25 14:45:05 | |
| TuxCare 9.6 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1766488019 | 2025-12-23 19:49:22 |