CVE-2025-68324

In the Linux kernel, the following vulnerability has been resolved:

scsi: imm: Fix use-after-free bug caused by unfinished delayed work

The delayed work item 'immtq' is initialized in immattach() and scheduled via immqueuecommand() for processing SCSI commands. When the IMM parallel port SCSI host adapter is detached through immdetach(), the imm_struct device instance is deallocated.

However, the delayed work might still be pending or executing when immdetach() is called, leading to use-after-free bugs when the work function imminterrupt() accesses the already freed imm_struct memory.

The race condition can occur as follows:

CPU 0(detach thread) | CPU 1 | immqueuecommand() | immqueuecommandlck() immdetach() | scheduledelayedwork() kfree(dev) //FREE | imminterrupt() | dev = containerof(...) //USE dev-> //USE

Add disabledelayedworksync() in immdetach() to guarantee proper cancellation of the delayed work item before imm_struct is deallocated.