CVE-2025-38031
📋 TL;DR
This CVE describes a reference count leak vulnerability in the Linux kernel's padata subsystem. When queue_work() fails to queue a work item because it's already queued, the parallel_data refcount is incremented but never decremented, leading to a memory leak. This affects Linux systems using the padata subsystem, typically for cryptographic operations.
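The refcount pattern behind this leak, as an added illustrative model (not the kernel's padata code; all names and the simplified queue_work/worker behaviour are placeholders): the leaky variant takes a reference and ignores that queue_work() returned false because the item was already queued, while the fixed variant gives that reference back so the count stays balanced.

```c
#include <stdbool.h>
/* Constructed model of the refcount pattern behind CVE-2025-38031;
 * not the kernel's padata code, all names are placeholders. */
struct parallel_data { int refcnt; };
struct work_item {
    bool pending;             /* models the "already queued" state */
    struct parallel_data *pd;
};

/* Models queue_work(): returns false if the item is already queued. */
static bool fake_queue_work(struct work_item *w)
{
    if (w->pending)
        return false;
    w->pending = true;
    return true;
}

/* Models the worker: runs once per successful queue and drops the
 * reference that was taken for it. */
static void fake_run_work(struct work_item *w)
{
    w->pending = false;
    w->pd->refcnt--;
}

/* Leaky variant: takes a reference, ignores queue_work()'s result. */
void reorder_leaky(struct work_item *w)
{
    w->pd->refcnt++;
    fake_queue_work(w);
}
/* Fixed variant: give the reference back when nothing was queued. */
void reorder_fixed(struct work_item *w)
{
    w->pd->refcnt++;
    if (!fake_queue_work(w))
        w->pd->refcnt--;
}
/* Call reorder() `attempts` times while the item stays pending, then run
 * the worker once. Returns the refcount left over; only the creator's
 * own reference (1) should remain. */
int leftover_refs(void (*reorder)(struct work_item *), int attempts)
{
    struct parallel_data pd = { .refcnt = 1 };
    struct work_item w = { .pending = false, .pd = &pd };
    for (int i = 0; i < attempts; i++)
        reorder(&w);
    fake_run_work(&w);
    return pd.refcnt;
}
```

Every extra reorder attempt while the work is still pending leaks one reference in the leaky variant, which is why the parallel_data object is never freed.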
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service.
Likely Case
Memory leak that gradually consumes kernel memory over time, potentially leading to performance degradation or system instability.
If Mitigated
With proper monitoring and memory limits, impact is limited to potential performance issues rather than complete system failure.
🎯 Exploit Status
Exploitation requires triggering the specific code path in padata's reorder_work function. This is a memory leak rather than a code execution vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches (references show multiple stable commits)
Vendor Advisory: https://git.kernel.org/stable/c/1a426abdf1c86882c9203dd8182f3b8274b89938
Restart Required: Yes
Instructions:
1. Identify your Linux kernel version.
2. Check whether patches are available for your distribution.
3. Update the kernel package via your package manager (apt, yum, dnf, etc.).
4. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable padata subsystem
Remove or disable padata functionality if it is not required:
echo 'blacklist padata' >> /etc/modprobe.d/blacklist.conf
rmmod padata
Note that padata is normally compiled into the kernel (CONFIG_PADATA is a built-in option, not a loadable module), so on most systems these commands have no effect and patching remains the only reliable fix.
🧯 If You Can't Patch
- Monitor kernel memory usage and system stability metrics
- Restrict access to cryptographic operations that use padata subsystem
🔍 How to Verify
Check if Vulnerable:
Compare your kernel version against the patched versions in the references. Check whether the padata subsystem is loaded: lsmod | grep padata
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after update matches patched version. Check system logs for memory leak indicators.
📡 Detection & Monitoring
Log Indicators:
- Kernel memory allocation failures
- System instability or crashes
- High kernel memory usage in monitoring tools
Network Indicators:
- None; this is a local kernel vulnerability
SIEM Query:
Search for kernel panic logs, out of memory errors, or process crashes related to cryptomgr_probe
🔗 References
- https://git.kernel.org/stable/c/1a426abdf1c86882c9203dd8182f3b8274b89938
- https://git.kernel.org/stable/c/1c65ae4988714716101555fe2b9830e33136d6fb
- https://git.kernel.org/stable/c/5300e487487d7a2e3e1e6e9d8f03ed9452e4019e
- https://git.kernel.org/stable/c/584a729615fa92f4de45480efb7e569d14be1516
- https://git.kernel.org/stable/c/b9ad8e50e8589607e68e6c4cefa7f72bf35a2cb1
- https://git.kernel.org/stable/c/cceb15864e1612ebfbc10ec4e4dcd19a10c0056c
- https://git.kernel.org/stable/c/d6ebcde6d4ecf34f8495fb30516645db3aea8993
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html