CVE-2025-39976

Summary

In the Linux kernel, the following vulnerability has been resolved:

futex: Use correct exit on failure from futex_hash_allocate_default()

copy_process() uses the wrong error exit path from futex_hash_allocate_default(). After exiting from futex_hash_allocate_default(), neither tasklist_lock nor siglock has been acquired. The exit label bad_fork_core_free unlocks both of these locks which is wrong.

The next exit label, bad_fork_cancel_cgroup, is the correct exit. sched_cgroup_fork() did not allocate any resources that need to freed.

Use bad_fork_cancel_cgroup on error exit from futex_hash_allocate_default().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7c4f75a21f636486d2969d9b6680403ea8483539 < f1635765cd0fdbf27b04d9a50be91a01b5adda13affected
LinuxLinux7c4f75a21f636486d2969d9b6680403ea8483539 < 4ec3c15462b9f44562f45723a92e2807746ba7d1affected
LinuxLinux6.16affected
LinuxLinux0 < 6.16unaffected
LinuxLinux6.16.10 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References