cve 2025 21999

CVE-2025-21999 is a high-severity Linux kernel vulnerability involving a use-after-free race condition in the proc filesystem. The flaw occurs when a race between module removal (rmmod) and inode creation in proc_get_inode() allows the kernel to dereference a freed module pointer, potentially causing system crashes or memory corruption. The fix removes the unsafe dereference by saving necessary proc entry information ahead of registration. This vulnerability affects kernel availability and integrity, and administrators are advised to apply the upstream patch promptly.