CVE-2025-39721:Use-after-free vulnerability in Linux kernel's QAT driver causing potential system crashes during device unloading.

splash
Back

Description Preview

A vulnerability in the Linux kernel's Intel QuickAssist Technology (QAT) driver can lead to a use-after-free scenario, potentially causing system crashes. The issue occurs when repeatedly loading and unloading device-specific QAT drivers (e.g., qat_4xxx) in rapid succession. If a power management interrupt triggers just before the device-specific driver unloads, while the core driver (intel_qat.ko) remains loaded, a deferred routine may execute after the driver is unloaded, resulting in dereferencing freed memory and a kernel crash.

Overview

The vulnerability stems from the use of a shared workqueue (qat_misc_wq) across all QAT devices, managed by the core intel_qat.ko driver. When a device-specific driver is unloaded, pending work items in this shared queue may still reference the unloaded driver's memory. If these items execute after unloading, they attempt to access freed memory, leading to a page fault and kernel crash. This scenario is particularly likely when rapidly loading and unloading QAT drivers, creating a race condition between driver unloading and workqueue execution.

Remediation

To address this vulnerability, the Linux kernel has implemented a fix that flushes the misc workqueue during device shutdown. This ensures all pending work items complete before the driver unloads, preventing the use-after-free condition. While this approach may slightly increase shutdown latency if the workqueue contains jobs from other devices, it significantly improves system stability and prevents potential crashes. Users and administrators should update their Linux kernel to a version that includes this fix to mitigate the vulnerability.

References

[1] Linux Kernel Git Repository, "crypto: qat - flush misc workqueue during device shutdown," https://git.kernel.org/stable/c/3d4df408ba9bad2b205c7fb8afc1836a6a4ca88a

[2] Linux Kernel Git Repository, "Commit 5858448a6c65d8ee3f8600570d3ce19febcb33be," https://git.kernel.org/stable/c/5858448a6c65d8ee3f8600570d3ce19febcb33be

[3] Linux Kernel Git Repository, "Commit e59a52e429e13df3feb34f4853a8e36d121ed937," https://git.kernel.org/stable/c/e59a52e429e13df3feb34f4853a8e36d121ed937

[4] Linux Kernel Git Repository, "Commit fe546f5c50fc474daca6bee72caa7ab68a74c33d," https://git.kernel.org/stable/c/fe546f5c50fc474daca6bee72caa7ab68a74c33d

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Medium
    Manufacturing
  2. Public Administration: Medium
    Public Administration
  3. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  4. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  5. Retail Trade: Low
    Retail Trade
  6. Finance and Insurance: Low
    Finance and Insurance
  7. Educational Services: Low
    Educational Services
  8. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  9. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  10. Transportation & Warehousing: Low
    Transportation & Warehousing
  11. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  12. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  13. Information: Low
    Information
  14. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  15. Utilities: Low
    Utilities
  16. Accommodation & Food Services: Low
    Accommodation & Food Services
  17. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  18. Construction: Low
    Construction
  19. Mining: Low
    Mining
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background