Armis Logo< Back

CVE-2025-39721:

A use-after-free vulnerability in the Linux kernel's QAT driver can lead to kernel crashes during repeated device loading and unloading.


Score
Info
A numerical rating that indicates how dangerous this vulnerability is.

5.5Medium
  • Published Date:Sep 5, 2025
  • CISA KEV Date:*No Data*
  • Industries Affected:20

Threat Predictions

  • EPSS Score:0.0
  • EPSS Percentile:5%

Exploitability

  • Score:1.8
  • Attack Vector:LOCAL
  • Attack Complexity:LOW
  • Privileges Required:LOW
  • User Interaction:NONE
  • Scope:UNCHANGED

Impact

  • Score:3.6
  • Confidentiality Impact:NONE
  • Integrity Impact:NONE
  • Availability Impact:HIGH

Description Preview

A use-after-free vulnerability in the Linux kernel's QAT driver can lead to kernel crashes during repeated device loading and unloading.

Overview

The vulnerability arises from the interaction between device-specific QAT drivers (e.g., qat_4xxx) and the core intel_qat driver. When a power management interrupt occurs just before the device-specific driver is unloaded, a deferred routine may remain pending in the shared workqueue (qat_misc_wq). If this routine executes after the driver is unloaded, it can access freed memory, resulting in a page fault and kernel crash. This issue is particularly problematic in scenarios involving rapid loading and unloading of QAT drivers, which may occur in certain testing or dynamic reconfiguration environments.

Remediation

  • To address this vulnerability, the Linux kernel has implemented a fix that flushes the misc workqueue during device shutdown. This ensures that all pending work items are completed before the driver is unloaded, preventing the use-after-free scenario. Users and administrators should update their Linux kernel to a patched version:
  • 1. For kernel series 5.18 to 6.6, update to version 6.6.103 or later.
  • 2. For kernel series 6.7 to 6.12, update to version 6.12.44 or later.
  • 3. For kernel series 6.13 to 6.16, update to version 6.16.4 or later.
  • It's important to note that while this fix may slightly increase shutdown latency if the workqueue contains jobs from other devices, it ensures system stability and prevents potential crashes.

References

  • [1] Git kernel patch: 3d4df408ba9bad2b205c7fb8afc1836a6a4ca88a
  • [2] Git kernel patch: 5858448a6c65d8ee3f8600570d3ce19febcb33be
  • [3] Git kernel patch: e59a52e429e13df3feb34f4853a8e36d121ed937
  • [4] Git kernel patch: fa4c14a82747886d333d8baef0d26da86ba1ccf7
  • [5] Git kernel patch: fe546f5c50fc474daca6bee72caa7ab68a74c33d

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence.

Medium
Manufacturing icon
Manufacturing
Public Administration icon
Public Administration
Health Care and Social Assistance icon
Health Care and Social Assistance
Professional, Scientific, and Technical Services icon
Professional, Scientific, and Technical Services
Low
Mining icon
Mining
Utilities icon
Utilities
Information icon
Information
Construction icon
Construction
Retail Trade icon
Retail Trade
Wholesale Trade icon
Wholesale Trade
Educational Services icon
Educational Services
Finance and Insurance icon
Finance and Insurance
Real Estate Rental and Leasing icon
Real Estate Rental and Leasing
Transportation and Warehousing icon
Transportation and Warehousing
Accommodation and Food Services icon
Accommodation and Food Services
Arts, Entertainment, and Recreation icon
Arts, Entertainment, and Recreation
Management of Companies and Enterprises icon
Management of Companies and Enterprises
Agriculture, Forestry, Fishing and Hunting icon
Agriculture, Forestry, Fishing and Hunting
Other Services (except Public Administration) icon
Other Services (except Public Administration)
Administrative and Support and Waste Management and Remediation Services icon
Administrative and Support and Waste Management and Remediation Services

Focus on What Matters

See everything.Identify true risk.Proactively mitigate threats.Book a Demo

Let's talk!