CVE-2025-21786
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Feb 27, 2025
CWE ID 416
Summary
CVE-2025-21786 is a use-after-free vulnerability affecting the Linux kernel. The issue arises from a mistake in commit 68f83057b913, which added code for reaping normal workers but overlooked the handling of the rescuer. The rescuer, along with the code waiting for it in put_unbound_pool(), was inadvertently removed, leading to a use-after-free bug. To mitigate this vulnerability, the reference to the pool must be held until the detachment is complete, so the code that puts the workqueue should be moved to run after the rescuer has been detached.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX