CVE-2025-21983: While kvfree_rcu() itself is not fundamentally flawed, the issue has now been resolved in Linux by using a more appropriate workqueue. (2nd Apr 2025)

Preface: The buddy allocator is a well-known memory management algorithm used in the Linux kernel. It is designed to efficiently allocate and deallocate memory in contiguous blocks.

Background: What is RCU usage in the Linux kernel?

Read-copy update (RCU) is a scalable high-performance synchronization mechanism implemented in the Linux kernel. RCU’s novel properties include support for concurrent reading and writing, and highly optimized inter-CPU synchronization.

Currently, the kvfree_rcu() APIs use a system workqueue, “system_unbound_wq”, to drive the RCU machinery that reclaims memory.

In the Linux kernel, the kvfree_rcu() API uses a system workqueue, specifically the system_unbound_wq, to drive RCU (Read-Copy-Update) machinery for memory reclamation. This setup is used to handle deferred memory freeing in a non-blocking manner. However, there was a recent change where the workqueue was switched to one created with the WQ_MEM_RECLAIM flag to ensure that memory reclamation tasks are handled more efficiently and to avoid potential kernel warnings.

Not every Linux API uses the system_unbound_wq to request memory. The system_unbound_wq is a specific type of workqueue used for tasks that are not bound to any particular CPU, allowing them to run on any available CPU. This is useful for tasks that require high concurrency or have wide fluctuations in concurrency levels.

Vulnerability details: The issue with kvfree_rcu() is primarily related to how it uses the system workqueue (system_unbound_wq) for memory reclamation. This can lead to kernel warnings and potential system instability. The warnings indicate that the workqueue framework rules are being violated, which can affect the reliability of the memory reclamation process.

Remedy: So, while kvfree_rcu() itself is not fundamentally flawed, the way it was implemented led to issues that have now been resolved by using a more appropriate workqueue.
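An added example (not from the original post or the kernel project): a small Python triage script that finds the workqueue flush-dependency warning described under "Vulnerability details" in kernel log text and marks entries where the flushed work belongs to kvfree_rcu(). The message format, the name events_unbound for system_unbound_wq and the function name kfree_rcu_work are assumptions taken from the upstream kernel source, not from this page; the log lines are constructed.

```python
import re

# Message format of the WARN_ONCE in check_flush_dependency(), kernel/workqueue.c
# (assumption from upstream source). %ps may append " [module]" to a symbol.
FLUSH_WARN = re.compile(
    r"workqueue: WQ_MEM_RECLAIM (?P<src_wq>.+?):(?P<src_fn>[\w.]+)(?: \[[^\]]+\])?"
    r" is flushing !WQ_MEM_RECLAIM (?P<dst_wq>.+?):(?P<dst_fn>[\w.]+)(?: \[[^\]]+\])?\s*$"
)

# Assumptions from upstream source, not from the page: system_unbound_wq is
# named "events_unbound", and kvfree_rcu() queued kfree_rcu_work on it.
UNBOUND_WQ_NAME = "events_unbound"
KVFREE_RCU_FUNC = "kfree_rcu_work"

# Constructed log lines, as if gathered from two different hosts.
SAMPLE_LOG = """\
[  102.331201] nvme nvme0: rescanning namespaces.
[  102.345817] workqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work [nvme_core] is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work
[  230.004412] workqueue: WQ_MEM_RECLAIM demo-wq:demo_reclaim_fn is flushing !WQ_MEM_RECLAIM events:demo_helper_fn
[  231.118730] EXT4-fs (sda1): mounted filesystem with ordered data mode.
""".splitlines()


def find_flush_violations(lines):
    """Return one dict per flush-dependency warning found in the log lines.

    Each dict names the WQ_MEM_RECLAIM workqueue/function doing the flush
    (src_*), the non-reclaim workqueue/function being flushed (dst_*), and
    'kvfree_rcu': True when the flushed work is kvfree_rcu()'s reclaim work
    on the unbound system workqueue.
    """
    hits = []
    for line in lines:
        m = FLUSH_WARN.search(line)
        if not m:
            continue
        hit = m.groupdict()
        hit["kvfree_rcu"] = (
            hit["dst_wq"] == UNBOUND_WQ_NAME and hit["dst_fn"] == KVFREE_RCU_FUNC
        )
        hits.append(hit)
    return hits


if __name__ == "__main__":
    for h in find_flush_violations(SAMPLE_LOG):
        tag = "kvfree_rcu pattern" if h["kvfree_rcu"] else "other flush violation"
        print(f'{tag}: {h["src_wq"]}:{h["src_fn"]} -> {h["dst_wq"]}:{h["dst_fn"]}')
```

Because the kernel emits this message through WARN_ONCE, a host logs it at most once per boot, so search the full boot log rather than a recent window.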

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-21983
