CVE-2025-21999: 
Linux Kernel vulnerability analysis and mitigation

A Use-After-Free (UAF) vulnerability was discovered in the Linux kernel's proc filesystem handling, specifically in the procgetinode() function (CVE-2025-21999). The vulnerability was disclosed on April 3, 2025, affecting Linux kernel versions from 6.2 up to 6.6.85 and versions from 6.13 up to 6.13.9 (NVD).

The vulnerability stems from a race condition between module removal (rmmod) and /proc/XXX's inode instantiation. The core issue is that pde->procops belongs to a module rather than /proc, making it unsafe to dereference after /proc entry registration without proper usepde/unuse_pde pair implementation. The vulnerability has received a CVSS v3.1 Base Score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability can lead to a use-after-free condition in the Linux kernel, potentially resulting in privilege escalation, system crashes, or information disclosure. The vulnerability affects multiple Linux distributions including Debian Bookworm and Bullseye (Debian Security).

The vulnerability has been fixed in Linux kernel version 6.1.133-1 for Debian Bookworm and version 6.12.21-1 for Debian Trixie. Users are strongly recommended to upgrade their Linux kernel packages to these patched versions (Debian Security).