CVE-2025-21983Race Condition in Linux

CWE-362Race Condition5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 84.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 1

Description

In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq Currently kvfree_rcu() APIs use a system workqueue which is "system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warning can be observed: workqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dep

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel6.126.12.20+2
Debianlinux/linux_kernel< 6.12.20-1+1
CVEListV5linux/linux6c6c47b063b593785202be158e61fe5c827d6677a74979dce9e9c61f6d797c3761020252c4d8dc63+3
debiandebian/linux< linux 6.12.20-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2025-21983: In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq Currently kvfree_rcu() APIs use a2025-04-01
GHSA
GHSA-jxrr-3gxj-w229: In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq Currently kvfree_rcu() APIs use2025-04-01

📋Vendor Advisories

2
Red Hat
kernel: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq2025-04-01
Debian
CVE-2025-21983: linux - In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvf...2025
CVE-2025-21983 — Race Condition in Linux | cvebase