[LTS 8.6] CVE-2025-21786

[pvts-mat]

[LTS 8.6]
CVE-2025-21786
VULN-54090

Problem

https://access.redhat.com/security/cve/CVE-2025-21786

A vulnerability was found in the Linux kernel's work queue subsystem, which manages background task execution. The issue stems from improper handling of the "rescuer" thread during the cleanup of unbound work queues.

Applicability: no

The CVE-2025-21786 does not apply to LTS 8.6. The argument follows the same logic as laid out in #406.

The history of the affected file kernel/workqueue.c in ciqlts8_6 is visibly different from that of ciqlts9_4, although fully contained within, with 73 commits missing.

However, the key commits related to the problem have the same status (either missing or present):

1. The 68f8305 commit introducing the bug is missing from kernel/workqueue.c's history. The code waiting for the rescuer (and removal of which caused the bug) is present in ciqlts8_6's revision of kernel/workqueue.c just as it is in ciqlts9_4:
   

   kernel-src-tree/kernel/workqueue.c

   Lines 3559 to 3560 in 83208b0

   	if (pool->detach_completion)
   	wait_for_completion(pool->detach_completion);

2. The 77668c8 and 13b1d62 commits, used as an argument for leaving the put_pwq(…) where it is, are present.

Additionaly, the "Using the patched version is not without any cost" argument as well as "RedHat's "Affected" classification doesn't hold much weight" apply to the LTS 8.6 version with no changes.

[pvts-mat]

The "draft" status is only to prevent accidental merge, the PR is ready for review.