CVE-2025-39698
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-11-25
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.7 (inc) to 6.12.44 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.16.4 (exc) |
| linux | linux_kernel | 6.17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-672 | The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked. |
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's io_uring/futex subsystem involves improper cleanup in the io_futex_wait() function on failure. Specifically, the io_futex_data is allocated and assigned to the async_data field without marking the request with the REQ_F_ASYNC_DATA flag, which indicates whether async_data is valid. On failure, the futex handler frees the data but does not clear the async_data pointer or the flag, potentially leading to inconsistent state or use-after-free conditions.
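The flag/pointer pairing described above, modelled in user space as an added example (not kernel code and not taken from the upstream fix). Only `REQ_F_ASYNC_DATA` and `async_data` are names from the page; the structs, the one-slot allocator, the function names and the flag value are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define REQ_F_ASYNC_DATA 0x1u   /* name from the page; value is constructed */
struct futex_data { bool live; };                  /* hypothetical stand-in for io_futex_data */
struct request { unsigned flags; struct futex_data *async_data; };

static struct futex_data slot;  /* one-slot "allocator" (assumption): stale pointers stay safe to inspect */
static struct futex_data *data_alloc(void) { slot.live = true; return &slot; }
static void data_free(struct futex_data *d) { d->live = false; }

/* Invariant: flag set <=> async_data points at live data. */
static bool async_state_consistent(const struct request *r)
{
    if (!(r->flags & REQ_F_ASYNC_DATA))
        return r->async_data == NULL;
    return r->async_data != NULL && r->async_data->live;
}

/* Pattern described above: pointer stored without the flag, freed but not cleared. */
static int wait_unpatched(struct request *r, bool setup_fails)
{
    r->async_data = data_alloc();
    if (!setup_fails)
        return 0;
    data_free(r->async_data);   /* r->async_data still holds the released address */
    return -1;
}

/* Hardened pattern: pointer and flag set together, both cleared on failure. */
static int wait_hardened(struct request *r, bool setup_fails)
{
    r->async_data = data_alloc();
    r->flags |= REQ_F_ASYNC_DATA;
    if (!setup_fails)
        return 0;
    data_free(r->async_data);
    r->async_data = NULL;
    r->flags &= ~REQ_F_ASYNC_DATA;
    return -1;
}

int main(void)
{
    struct request a = {0, NULL}, b = {0, NULL};
    wait_unpatched(&a, true);
    wait_hardened(&b, true);
    printf("unpatched=%d hardened=%d\n", async_state_consistent(&a), async_state_consistent(&b));
    return 0;
}
```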
How can this vulnerability impact me?
This vulnerability could lead to improper handling of asynchronous futex wait requests, potentially causing kernel memory corruption or use-after-free scenarios. Such issues might be exploited to cause system instability, crashes, or privilege escalation, impacting system security and reliability.