CVE-2025-39976 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-39976 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: futex: Use correct exit on failure from futex_hash_allocate_default() copy_process() uses the wrong error exit path from futex_hash_allocate_default(). After exiting from futex_hash_allocate_default(), neither tasklist_lock nor siglock has been acquired. The exit label bad_fork_core_free unlocks both of these locks which is wrong. The next exit label, bad_fork_cancel_cgroup, is the correct exit. sched_cgroup_fork() did not allocate any resources that need to freed. Use bad_fork_cancel_cgroup on error exit from futex_hash_allocate_default().

EPSS 0.03% · 7.1th percentile

Risk Scores

EPSS Score

0.03%

7.1th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	7c4f75a21f636486d2969d9b6680403ea8483539, 7c4f75a21f636486d2969d9b6680403ea8483539, 6.16
linux	linux_kernel	6.16, 6.16

Timeline

Jan 21, 1970 Security Advisory
Oct 15, 2025 EPSS Score
Oct 15, 2025 Coalition ESS Score
Oct 15, 2025 CVE Published
Oct 19, 2025 Coalition ESS Score
Oct 21, 2025 EPSS Score
Oct 23, 2025 Coalition ESS Score
Oct 26, 2025 EPSS Score
Nov 1, 2025 EPSS Score
Nov 6, 2025 EPSS Score
Nov 12, 2025 EPSS Score
Nov 17, 2025 EPSS Score

References

Open in Interactive Console →