CVE-2025-21983 - Vulnerability Details

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Source	ID	Title
EUVD	EUVD-2025-9337	In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq Currently kvfree_rcu() APIs use a system workqueue which is "system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warning can be observed: <snip> workqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120 Modules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ... CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1 Hardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023 Workqueue: nvme-wq nvme_scan_work RIP: 0010:check_flush_dependency+0x112/0x120 Code: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ... RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082 RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027 RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88 RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400 R13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000 CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0 PKRU: 55555554 Call Trace: <TASK> ? __warn+0xa4/0x140 ? check_flush_dependency+0x112/0x120 ? report_bug+0xe1/0x140 ? check_flush_dependency+0x112/0x120 ? handle_bug+0x5e/0x90 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? timer_recalc_next_expiry+0x190/0x190 ? check_flush_dependency+0x112/0x120 ? check_flush_dependency+0x112/0x120 __flush_work.llvm.1643880146586177030+0x174/0x2c0 flush_rcu_work+0x28/0x30 kvfree_rcu_barrier+0x12f/0x160 kmem_cache_destroy+0x18/0x120 bioset_exit+0x10c/0x150 disk_release.llvm.6740012984264378178+0x61/0xd0 device_release+0x4f/0x90 kobject_put+0x95/0x180 nvme_put_ns+0x23/0xc0 nvme_remove_invalid_namespaces+0xb3/0xd0 nvme_scan_work+0x342/0x490 process_scheduled_works+0x1a2/0x370 worker_thread+0x2ff/0x390 ? pwq_release_workfn+0x1e0/0x1e0 kthread+0xb1/0xe0 ? __kthread_parkme+0x70/0x70 ret_from_fork+0x30/0x40 ? __kthread_parkme+0x70/0x70 ret_from_fork_asm+0x11/0x20 </TASK> ---[ end trace 0000000000000000 ]--- <snip> To address this switch to use of independent WQ_MEM_RECLAIM workqueue, so the rules are not violated from workqueue framework point of view. Apart of that, since kvfree_rcu() does reclaim memory it is worth to go with WQ_MEM_RECLAIM type of wq because it is designed for this purpose.

Link	Providers
https://git.kernel.org/stable/c/656e35bf66a11e1adde44c4c12050086dc39f241
https://git.kernel.org/stable/c/a74979dce9e9c61f6d797c3761020252c4d8dc63
https://git.kernel.org/stable/c/dfd3df31c9db752234d7d2e09bef2aeabb643ce4
https://lore.kernel.org/linux-cve-announce/2025040149-CVE-2025-21983-1bcc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-21983
https://www.cve.org/CVERecord?id=CVE-2025-21983

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc5::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025040149-CVE-2025-21983-1bcc@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-21983 https://www.cve.org/CVERecord?id=CVE-2025-21983
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq Currently kvfree_rcu() APIs use a system workqueue which is "system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warning can be observed: <snip> workqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120 Modules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ... CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1 Hardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023 Workqueue: nvme-wq nvme_scan_work RIP: 0010:check_flush_dependency+0x112/0x120 Code: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ... RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082 RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027 RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88 RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400 R13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000 CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0 PKRU: 55555554 Call Trace: <TASK> ? __warn+0xa4/0x140 ? check_flush_dependency+0x112/0x120 ? report_bug+0xe1/0x140 ? check_flush_dependency+0x112/0x120 ? handle_bug+0x5e/0x90 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? timer_recalc_next_expiry+0x190/0x190 ? check_flush_dependency+0x112/0x120 ? check_flush_dependency+0x112/0x120 __flush_work.llvm.1643880146586177030+0x174/0x2c0 flush_rcu_work+0x28/0x30 kvfree_rcu_barrier+0x12f/0x160 kmem_cache_destroy+0x18/0x120 bioset_exit+0x10c/0x150 disk_release.llvm.6740012984264378178+0x61/0xd0 device_release+0x4f/0x90 kobject_put+0x95/0x180 nvme_put_ns+0x23/0xc0 nvme_remove_invalid_namespaces+0xb3/0xd0 nvme_scan_work+0x342/0x490 process_scheduled_works+0x1a2/0x370 worker_thread+0x2ff/0x390 ? pwq_release_workfn+0x1e0/0x1e0 kthread+0xb1/0xe0 ? __kthread_parkme+0x70/0x70 ret_from_fork+0x30/0x40 ? __kthread_parkme+0x70/0x70 ret_from_fork_asm+0x11/0x20 </TASK> ---[ end trace 0000000000000000 ]--- <snip> To address this switch to use of independent WQ_MEM_RECLAIM workqueue, so the rules are not violated from workqueue framework point of view. Apart of that, since kvfree_rcu() does reclaim memory it is worth to go with WQ_MEM_RECLAIM type of wq because it is designed for this purpose.
Title		mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq
References		https://git.kernel.org/stable/c/656e35bf66a11e1adde44c4c12050086dc39f241 https://git.kernel.org/stable/c/a74979dce9e9c61f6d797c3761020252c4d8dc63 https://git.kernel.org/stable/c/dfd3df31c9db752234d7d2e09bef2aeabb643ce4

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-21983", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.799Z", "datePublished": "2025-04-01T15:47:10.949Z", "dateUpdated": "2025-05-04T07:26:34.652Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:26:34.652Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq\n\nCurrently kvfree_rcu() APIs use a system workqueue which is\n\"system_unbound_wq\" to driver RCU machinery to reclaim a memory.\n\nRecently, it has been noted that the following kernel warning can\nbe observed:\n\n<snip>\nworkqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work\n WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120\n Modules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ...\n CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1\n Hardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023\n Workqueue: nvme-wq nvme_scan_work\n RIP: 0010:check_flush_dependency+0x112/0x120\n Code: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ...\n RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082\n RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027\n RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88\n RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd\n R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400\n R13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000\n CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __warn+0xa4/0x140\n ? check_flush_dependency+0x112/0x120\n ? report_bug+0xe1/0x140\n ? check_flush_dependency+0x112/0x120\n ? handle_bug+0x5e/0x90\n ? exc_invalid_op+0x16/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? timer_recalc_next_expiry+0x190/0x190\n ? check_flush_dependency+0x112/0x120\n ? check_flush_dependency+0x112/0x120\n __flush_work.llvm.1643880146586177030+0x174/0x2c0\n flush_rcu_work+0x28/0x30\n kvfree_rcu_barrier+0x12f/0x160\n kmem_cache_destroy+0x18/0x120\n bioset_exit+0x10c/0x150\n disk_release.llvm.6740012984264378178+0x61/0xd0\n device_release+0x4f/0x90\n kobject_put+0x95/0x180\n nvme_put_ns+0x23/0xc0\n nvme_remove_invalid_namespaces+0xb3/0xd0\n nvme_scan_work+0x342/0x490\n process_scheduled_works+0x1a2/0x370\n worker_thread+0x2ff/0x390\n ? pwq_release_workfn+0x1e0/0x1e0\n kthread+0xb1/0xe0\n ? __kthread_parkme+0x70/0x70\n ret_from_fork+0x30/0x40\n ? __kthread_parkme+0x70/0x70\n ret_from_fork_asm+0x11/0x20\n </TASK>\n ---[ end trace 0000000000000000 ]---\n<snip>\n\nTo address this switch to use of independent WQ_MEM_RECLAIM\nworkqueue, so the rules are not violated from workqueue framework\npoint of view.\n\nApart of that, since kvfree_rcu() does reclaim memory it is worth\nto go with WQ_MEM_RECLAIM type of wq because it is designed for\nthis purpose."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/slab_common.c"], "versions": [{"version": "6c6c47b063b593785202be158e61fe5c827d6677", "lessThan": "a74979dce9e9c61f6d797c3761020252c4d8dc63", "status": "affected", "versionType": "git"}, {"version": "6c6c47b063b593785202be158e61fe5c827d6677", "lessThan": "656e35bf66a11e1adde44c4c12050086dc39f241", "status": "affected", "versionType": "git"}, {"version": "6c6c47b063b593785202be158e61fe5c827d6677", "lessThan": "dfd3df31c9db752234d7d2e09bef2aeabb643ce4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/slab_common.c"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.20", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.8", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.13.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a74979dce9e9c61f6d797c3761020252c4d8dc63"}, {"url": "https://git.kernel.org/stable/c/656e35bf66a11e1adde44c4c12050086dc39f241"}, {"url": "https://git.kernel.org/stable/c/dfd3df31c9db752234d7d2e09bef2aeabb643ce4"}], "title": "mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq", "x_generator": {"engine": "bippy-1.2.0"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6AE02FC-5B2D-426A-B8D7-3D71FBE28D40", "versionEndExcluding": "6.12.20", "versionStartIncluding": "6.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A20D4D7-B329-4C68-B662-76062EA7DCF0", "versionEndExcluding": "6.13.8", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*", "matchCriteriaId": "66619FB8-0AAF-4166-B2CF-67B24143261D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*", "matchCriteriaId": "D3D6550E-6679-4560-902D-AF52DCFE905B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*", "matchCriteriaId": "45B90F6B-BEC7-4D4E-883A-9DBADE021750", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq\n\nCurrently kvfree_rcu() APIs use a system workqueue which is\n\"system_unbound_wq\" to driver RCU machinery to reclaim a memory.\n\nRecently, it has been noted that the following kernel warning can\nbe observed:\n\n<snip>\nworkqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work\n WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120\n Modules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ...\n CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1\n Hardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023\n Workqueue: nvme-wq nvme_scan_work\n RIP: 0010:check_flush_dependency+0x112/0x120\n Code: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ...\n RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082\n RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027\n RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88\n RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd\n R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400\n R13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000\n CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __warn+0xa4/0x140\n ? check_flush_dependency+0x112/0x120\n ? report_bug+0xe1/0x140\n ? check_flush_dependency+0x112/0x120\n ? handle_bug+0x5e/0x90\n ? exc_invalid_op+0x16/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? timer_recalc_next_expiry+0x190/0x190\n ? check_flush_dependency+0x112/0x120\n ? check_flush_dependency+0x112/0x120\n __flush_work.llvm.1643880146586177030+0x174/0x2c0\n flush_rcu_work+0x28/0x30\n kvfree_rcu_barrier+0x12f/0x160\n kmem_cache_destroy+0x18/0x120\n bioset_exit+0x10c/0x150\n disk_release.llvm.6740012984264378178+0x61/0xd0\n device_release+0x4f/0x90\n kobject_put+0x95/0x180\n nvme_put_ns+0x23/0xc0\n nvme_remove_invalid_namespaces+0xb3/0xd0\n nvme_scan_work+0x342/0x490\n process_scheduled_works+0x1a2/0x370\n worker_thread+0x2ff/0x390\n ? pwq_release_workfn+0x1e0/0x1e0\n kthread+0xb1/0xe0\n ? __kthread_parkme+0x70/0x70\n ret_from_fork+0x30/0x40\n ? __kthread_parkme+0x70/0x70\n ret_from_fork_asm+0x11/0x20\n </TASK>\n ---[ end trace 0000000000000000 ]---\n<snip>\n\nTo address this switch to use of independent WQ_MEM_RECLAIM\nworkqueue, so the rules are not violated from workqueue framework\npoint of view.\n\nApart of that, since kvfree_rcu() does reclaim memory it is worth\nto go with WQ_MEM_RECLAIM type of wq because it is designed for\nthis purpose."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/slab/kvfree_rcu: Cambiar a WQ_MEM_RECLAIM wq Actualmente, las API kvfree_rcu() utilizan una cola de trabajo del sistema que es \"system_unbound_wq\" para controlar la maquinaria RCU para recuperar una memoria. Recientemente, se ha observado la siguiente advertencia del kernel: workqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work ADVERTENCIA: CPU: 21 PID: 330 en kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120 M\u00f3dulos vinculados: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ... CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: GE 6.13.2-0_g925d379822da #1 Nombre del hardware: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 01/02/2023 Cola de trabajo: nvme-wq nvme_scan_work RIP: 0010:check_flush_dependency+0x112/0x120 C\u00f3digo: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ... RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082 RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027 RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88 RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400 R13: 0000000000000000 R14: ffff88907f420fb8 R15: 000000000000000 FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000 CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0 PKRU: 55555554 Seguimiento de llamadas: ? __warn+0xa4/0x140 ? check_flush_dependency+0x112/0x120 ? report_bug+0xe1/0x140 ? check_flush_dependency+0x112/0x120 ? handle_bug+0x5e/0x90 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? temporizador_recalc_pr\u00f3xima_expiraci\u00f3n+0x190/0x190 ? comprobaci\u00f3n_vaciado_dependencia+0x112/0x120 ? check_flush_dependency+0x112/0x120 __flush_work.llvm.1643880146586177030+0x174/0x2c0 flush_rcu_work+0x28/0x30 kvfree_rcu_barrier+0x12f/0x160 kmem_cache_destroy+0x18/0x120 bioset_exit+0x10c/0x150 disk_release.llvm.6740012984264378178+0x61/0xd0 device_release+0x4f/0x90 kobject_put+0x95/0x180 nvme_put_ns+0x23/0xc0 nvme_remove_invalid_namespaces+0xb3/0xd0 nvme_scan_work+0x342/0x490 process_scheduled_works+0x1a2/0x370 work_thread+0x2ff/0x390 ? pwq_release_workfn+0x1e0/0x1e0 kthread+0xb1/0xe0 ? __kthread_parkme+0x70/0x70 ret_from_fork+0x30/0x40 ? __kthread_parkme+0x70/0x70 ret_from_fork_asm+0x11/0x20 ---[ end trace 0000000000000000 ]--- Para solucionar esto, se cambia al uso de la cola de trabajo independiente WQ_MEM_RECLAIM, de modo que no se violen las reglas desde la perspectiva del marco de trabajo de la cola de trabajo. Adem\u00e1s, dado que kvfree_rcu() recupera memoria, conviene usar el tipo de cola de trabajo WQ_MEM_RECLAIM, ya que est\u00e1 dise\u00f1ado para este prop\u00f3sito."}], "id": "CVE-2025-21983", "lastModified": "2025-10-30T19:14:06.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-01T16:15:29.710", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/656e35bf66a11e1adde44c4c12050086dc39f241"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a74979dce9e9c61f6d797c3761020252c4d8dc63"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dfd3df31c9db752234d7d2e09bef2aeabb643ce4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq", "id": "2356637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356637"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq\nCurrently kvfree_rcu() APIs use a system workqueue which is\n\"system_unbound_wq\" to driver RCU machinery to reclaim a memory.\nRecently, it has been noted that the following kernel warning can\nbe observed:\n<snip>\nworkqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work\nWARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120\nModules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ...\nCPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1\nHardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023\nWorkqueue: nvme-wq nvme_scan_work\nRIP: 0010:check_flush_dependency+0x112/0x120\nCode: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ...\nRSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082\nRAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027\nRDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88\nRBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd\nR10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400\nR13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000\nCR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0\nPKRU: 55555554\nCall Trace:\n<TASK>\n? __warn+0xa4/0x140\n? check_flush_dependency+0x112/0x120\n? report_bug+0xe1/0x140\n? check_flush_dependency+0x112/0x120\n? handle_bug+0x5e/0x90\n? exc_invalid_op+0x16/0x40\n? asm_exc_invalid_op+0x16/0x20\n? timer_recalc_next_expiry+0x190/0x190\n? check_flush_dependency+0x112/0x120\n? check_flush_dependency+0x112/0x120\n__flush_work.llvm.1643880146586177030+0x174/0x2c0\nflush_rcu_work+0x28/0x30\nkvfree_rcu_barrier+0x12f/0x160\nkmem_cache_destroy+0x18/0x120\nbioset_exit+0x10c/0x150\ndisk_release.llvm.6740012984264378178+0x61/0xd0\ndevice_release+0x4f/0x90\nkobject_put+0x95/0x180\nnvme_put_ns+0x23/0xc0\nnvme_remove_invalid_namespaces+0xb3/0xd0\nnvme_scan_work+0x342/0x490\nprocess_scheduled_works+0x1a2/0x370\nworker_thread+0x2ff/0x390\n? pwq_release_workfn+0x1e0/0x1e0\nkthread+0xb1/0xe0\n? __kthread_parkme+0x70/0x70\nret_from_fork+0x30/0x40\n? __kthread_parkme+0x70/0x70\nret_from_fork_asm+0x11/0x20\n</TASK>\n---[ end trace 0000000000000000 ]---\n<snip>\nTo address this switch to use of independent WQ_MEM_RECLAIM\nworkqueue, so the rules are not violated from workqueue framework\npoint of view.\nApart of that, since kvfree_rcu() does reclaim memory it is worth\nto go with WQ_MEM_RECLAIM type of wq because it is designed for\nthis purpose."], "name": "CVE-2025-21983", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-21983\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21983\nhttps://lore.kernel.org/linux-cve-announce/2025040149-CVE-2025-21983-1bcc@gregkh/T"], "threat_severity": "Low"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object