CVE-2025-21727: Use After Free in Linux

Severity
NVD: 7.8 HIGH
OSV: 8.8, 7.1, 5.9, 5.5
EPSS: 0.0% (top 92.13%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Feb 27
Latest update: Dec 16

Description

In the Linux kernel, the following vulnerability has been resolved:

padata: fix UAF in padata_reorder

A bug was found when run ltp test:

BUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0
Read of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206

CPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+
Workqueue: pdecrypt_parallel padata_parallel_worker
Call Trace:
dump_stack_lvl+0x32/0x50
print_address_description.constprop.0+0x6b/0x3d0
print_report

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (7 packages)

NVD: linux/linux_kernel 5.4 5.10.235 (+5)
Debian: linux/linux_kernel < 5.10.237-1 (+3)
Ubuntu: linux/linux_kernel < 5.15.0-140.150 (+2)
CVEListV5: linux/linux b128a30409356df65f1a51cff3eb986cac8cfedc f78170bee51469734b1a306a74fc5f777bb22ba6 (+7)

Patches

Vulnerability Details (33)

OSV: linux-azure-fips vulnerabilities (2025-12-16)
OSV: linux-azure, linux-azure-5.4 vulnerabilities (2025-12-16)
OSV: linux-iot vulnerabilities (2025-12-04)
OSV: linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities (2025-11-19)
OSV: linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnera (2025-11-19)

Vendor Advisories (35)

Ubuntu: Linux kernel (Azure FIPS) vulnerabilities (2025-12-16)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-12-16)
Ubuntu: Linux kernel (IoT) vulnerabilities (2025-12-04)
Ubuntu: Linux kernel (FIPS) vulnerabilities (2025-11-19)
Ubuntu: Linux kernel vulnerabilities (2025-11-19)