CVE-2025-39976
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-16
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
futex: Use correct exit on failure from futex_hash_allocate_default()
copy_process() uses the wrong error exit path from futex_hash_allocate_default().
After exiting from futex_hash_allocate_default(), neither tasklist_lock
nor siglock has been acquired. The exit label bad_fork_core_free unlocks
both of these locks which is wrong.
The next exit label, bad_fork_cancel_cgroup, is the correct exit.
sched_cgroup_fork() did not allocate any resources that need to freed.
Use bad_fork_cancel_cgroup on error exit from futex_hash_allocate_default().
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves an incorrect error handling path in the copy_process() function related to futex_hash_allocate_default(). When an error occurs, the function uses the wrong exit label, which attempts to unlock locks (tasklist_lock and siglock) that were never acquired, potentially leading to improper lock handling and instability.
How can this vulnerability impact me? :
The incorrect error handling and unlocking of locks that were not acquired can cause kernel instability or crashes, potentially affecting system reliability and security.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70