CVE-2025-38076

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> alloc_tag: allocate percpu counters for module tags dynamically<br /> <br /> When a module gets unloaded it checks whether any of its tags are still in<br /> use and if so, we keep the memory containing module&amp;#39;s allocation tags<br /> alive until all tags are unused. However percpu counters referenced by<br /> the tags are freed by free_module(). This will lead to UAF if the memory<br /> allocated by a module is accessed after module was unloaded.<br /> <br /> To fix this we allocate percpu counters for module allocation tags<br /> dynamically and we keep it alive for tags which are still in use after<br /> module unloading. This also removes the requirement of a larger<br /> PERCPU_MODULE_RESERVE when memory allocation profiling is enabled because<br /> percpu memory for counters does not need to be reserved anymore.