CVE-2025-39976
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
futex: Use correct exit on failure from futex_hash_allocate_default()
copy_process() uses the wrong error exit path from futex_hash_allocate_default(). After exiting from futex_hash_allocate_default(), neither tasklist_lock nor siglock has been acquired. The exit label bad_fork_core_free unlocks both of these locks which is wrong.
The next exit label, bad_fork_cancel_cgroup, is the correct exit. sched_cgroup_fork() did not allocate any resources that need to freed.
Use bad_fork_cancel_cgroup on error exit from futex_hash_allocate_default().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7c4f75a21f636486d2969d9b6680403ea8483539 < f1635765cd0fdbf27b04d9a50be91a01b5adda13 | affected |
| Linux | Linux | 7c4f75a21f636486d2969d9b6680403ea8483539 < 4ec3c15462b9f44562f45723a92e2807746ba7d1 | affected |
| Linux | Linux | 6.16 | affected |
| Linux | Linux | 0 < 6.16 | unaffected |
| Linux | Linux | 6.16.10 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/f1635765cd0fdbf27b04d9a50be91a01b5adda13
- https://git.kernel.org/stable/c/4ec3c15462b9f44562f45723a92e2807746ba7d1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.