CVE-2025-39976

Published: Oct 15, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: futex: Use correct exit on failure from futex_hash_allocate_default() copy_process() uses the wrong error exit path from futex_hash_allocate_default(). After exiting from futex_hash_allocate_default(), neither tasklist_lock nor siglock has been acquired. The exit label bad_fork_core_free unlocks both of these locks which is wrong. The next exit label, bad_fork_cancel_cgroup, is the correct exit. sched_cgroup_fork() did not allocate any resources that need to freed. Use bad_fork_cancel_cgroup on error exit from futex_hash_allocate_default().

Vendor	Product	Versions
Linux	Linux	affected `7c4f75a21f636486d2969d9b6680403ea8483539 - < f1635765cd0fdbf27b04d9a50be91a01b5adda13` affected `7c4f75a21f636486d2969d9b6680403ea8483539 - < 4ec3c15462b9f44562f45723a92e2807746ba7d1`
Linux	Linux	affected `6.16` unaffected `0 - < 6.16` unaffected `6.16.10 - <= 6.16.` unaffected `6.17 - <= `

References

https://git.kernel.org/stable/c/f1635765cd0fdbf27b04d9a50be91a01b5adda13

https://git.kernel.org/stable/c/4ec3c15462b9f44562f45723a92e2807746ba7d1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-39976

Description

Affected Products

References