AZL-66518

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66518.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-66518

Upstream

CVE-2025-38584

Published

2025-08-19T17:15:35Z

Modified

2026-04-01T05:20:59.583461Z

Summary

CVE-2025-38584 affecting package kernel 6.6.126.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

padata: Fix pd UAF once and for all

There is a race condition/UAF in padatareorder that goes back to the initial commit. A reference count is taken at the start of the process in padatadoparallel, and released at the end in padataserial_worker.

This reference count is (and only is) required for padatareplace to function correctly. If padatareplace is never called then there is no issue.

In the function padata_reorder which serves as the core of padata, as soon as padata is added to queue->serial.list, and the associated spin lock released, that padata may be processed and the reference count on pd would go away.

Fix this by getting the next padata before the squeue->serial lock is released.

In order to make this possible, simplify padata_reorder by only calling it once the next padata arrives.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38584

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.6.126.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66518.json"