{
  "threat_severity" : "Moderate",
  "public_date" : "2025-02-27T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: workqueue: Put the pwq after detaching the rescuer from the pool",
    "id" : "2348587",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2348587"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nworkqueue: Put the pwq after detaching the rescuer from the pool\nThe commit 68f83057b913(\"workqueue: Reap workers via kthread_stop() and\nremove detach_completion\") adds code to reap the normal workers but\nmistakenly does not handle the rescuer and also removes the code waiting\nfor the rescuer in put_unbound_pool(), which caused a use-after-free bug\nreported by Cheung Wall.\nTo avoid the use-after-free bug, the pool’s reference must be held until\nthe detachment is complete. Therefore, move the code that puts the pwq\nafter detaching the rescuer from the pool.", "A vulnerability was found in the Linux kernel's work queue subsystem, which manages background task execution. The issue stems from improper handling of the \"rescuer\" thread during the cleanup of unbound work queues." ],
  "statement" : "Red Hat Product Security classifies this bug as Moderate based on the following reasons:\n* Workqueues are not accessible to unprivileged users, such as SELinux lockdown. \n* Local access is required for this bug to work.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20095",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "kernel-0:6.12.0-124.8.1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20518",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.5.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20518",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.5.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-02-09T00:00:00Z",
    "advisory" : "RHSA-2026:2352",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "kernel-0:5.14.0-570.86.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-21786\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21786\nhttps://lore.kernel.org/linux-cve-announce/2025022608-CVE-2025-21786-f31d@gregkh/T" ],
  "name" : "CVE-2025-21786",
  "csaw" : false
}