vulnerability

Rocky Linux: CVE-2025-21786: kernel (Multiple Advisories)

Try Surface Command
Back to search
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Nov 21, 2025
Added
Feb 5, 2026
Modified
Feb 5, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

workqueue: Put the pwq after detaching the rescuer from the pool

The commit 68f83057b913("workqueue: Reap workers via kthread_stop() and
remove detach_completion") adds code to reap the normal workers but
mistakenly does not handle the rescuer and also removes the code waiting
for the rescuer in put_unbound_pool(), which caused a use-after-free bug
reported by Cheung Wall.

To avoid the use-after-free bug, the pool’s reference must be held until
the detachment is complete. Therefore, move the code that puts the pwq
after detaching the rescuer from the pool.

Solutions

rocky-upgrade-kernelrocky-upgrade-kernel-corerocky-upgrade-kernel-debugrocky-upgrade-kernel-debug-corerocky-upgrade-kernel-debug-debuginforocky-upgrade-kernel-debug-develrocky-upgrade-kernel-debug-devel-matchedrocky-upgrade-kernel-debug-modulesrocky-upgrade-kernel-debug-modules-corerocky-upgrade-kernel-debug-modules-extrarocky-upgrade-kernel-debug-uki-virtrocky-upgrade-kernel-debuginforocky-upgrade-kernel-debuginfo-common-s390xrocky-upgrade-kernel-debuginfo-common-x86_64rocky-upgrade-kernel-develrocky-upgrade-kernel-devel-matchedrocky-upgrade-kernel-modulesrocky-upgrade-kernel-modules-corerocky-upgrade-kernel-modules-extrarocky-upgrade-kernel-modules-extra-matchedrocky-upgrade-kernel-rtrocky-upgrade-kernel-rt-corerocky-upgrade-kernel-rt-debugrocky-upgrade-kernel-rt-debug-corerocky-upgrade-kernel-rt-debug-debuginforocky-upgrade-kernel-rt-debug-develrocky-upgrade-kernel-rt-debug-modulesrocky-upgrade-kernel-rt-debug-modules-corerocky-upgrade-kernel-rt-debug-modules-extrarocky-upgrade-kernel-rt-debuginforocky-upgrade-kernel-rt-develrocky-upgrade-kernel-rt-modulesrocky-upgrade-kernel-rt-modules-corerocky-upgrade-kernel-rt-modules-extrarocky-upgrade-kernel-toolsrocky-upgrade-kernel-tools-debuginforocky-upgrade-kernel-tools-libsrocky-upgrade-kernel-tools-libs-develrocky-upgrade-kernel-uki-virtrocky-upgrade-kernel-uki-virt-addonsrocky-upgrade-kernel-zfcpdumprocky-upgrade-kernel-zfcpdump-corerocky-upgrade-kernel-zfcpdump-debuginforocky-upgrade-kernel-zfcpdump-develrocky-upgrade-kernel-zfcpdump-devel-matchedrocky-upgrade-kernel-zfcpdump-modulesrocky-upgrade-kernel-zfcpdump-modules-corerocky-upgrade-kernel-zfcpdump-modules-extrarocky-upgrade-libperfrocky-upgrade-libperf-debuginforocky-upgrade-perfrocky-upgrade-perf-debuginforocky-upgrade-python3-perfrocky-upgrade-python3-perf-debuginforocky-upgrade-rtlarocky-upgrade-rv

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today