CVE-2025-39721

EPSS 0.04%
Veröffentlicht 05.09.2025 17:21:28
Zuletzt bearbeitet 08.09.2025 16:25:38
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - flush misc workqueue during device shutdown

Repeated loading and unloading of a device specific QAT driver, for
example qat_4xxx, in a tight loop can lead to a crash due to a
use-after-free scenario. This occurs when a power management (PM)
interrupt triggers just before the device-specific driver (e.g.,
qat_4xxx.ko) is unloaded, while the core driver (intel_qat.ko) remains
loaded.

Since the driver uses a shared workqueue (`qat_misc_wq`) across all
devices and owned by intel_qat.ko, a deferred routine from the
device-specific driver may still be pending in the queue. If this
routine executes after the driver is unloaded, it can dereference freed
memory, resulting in a page fault and kernel crash like the following:

    BUG: unable to handle page fault for address: ffa000002e50a01c
    #PF: supervisor read access in kernel mode
    RIP: 0010:pm_bh_handler+0x1d2/0x250 [intel_qat]
    Call Trace:
      pm_bh_handler+0x1d2/0x250 [intel_qat]
      process_one_work+0x171/0x340
      worker_thread+0x277/0x3a0
      kthread+0xf0/0x120
      ret_from_fork+0x2d/0x50

To prevent this, flush the misc workqueue during device shutdown to
ensure that all pending work items are completed before the driver is
unloaded.

Note: This approach may slightly increase shutdown latency if the
workqueue contains jobs from other devices, but it ensures correctness
and stability.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 5858448a6c65d8ee3f8600570d3ce19febcb33be

Version e5745f34113b758b45d134dec04a7df94dc67131

Status affected

Version < fe546f5c50fc474daca6bee72caa7ab68a74c33d

Version e5745f34113b758b45d134dec04a7df94dc67131

Status affected

Version < e59a52e429e13df3feb34f4853a8e36d121ed937

Version e5745f34113b758b45d134dec04a7df94dc67131

Status affected

Version < 3d4df408ba9bad2b205c7fb8afc1836a6a4ca88a

Version e5745f34113b758b45d134dec04a7df94dc67131

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.18

Status affected

Version < 5.18

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.103

Status unaffected

Version <= 6.12.*

Version 6.12.44

Status unaffected

Version <= 6.16.*

Version 6.16.4

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.107

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/5858448a6c65d8ee3f8600570d3ce19febcb33be

https://git.kernel.org/stable/c/fe546f5c50fc474daca6bee72caa7ab68a74c33d

https://git.kernel.org/stable/c/e59a52e429e13df3feb34f4853a8e36d121ed937

https://git.kernel.org/stable/c/3d4df408ba9bad2b205c7fb8afc1836a6a4ca88a

https://nvd.nist.gov/vuln/detail/CVE-2025-39721

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39721

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39721

EUVD