futex: Use correct exit on failure from futex_hash_allocate_default()
CVE-2025-39976

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-39976?

In the Linux kernel, the following vulnerability has been resolved:

futex: Use correct exit on failure from futex_hash_allocate_default()

copy_process() uses the wrong error exit path from futex_hash_allocate_default(). After exiting from futex_hash_allocate_default(), neither tasklist_lock nor siglock has been acquired. The exit label bad_fork_core_free unlocks both of these locks which is wrong.

The next exit label, bad_fork_cancel_cgroup, is the correct exit. sched_cgroup_fork() did not allocate any resources that need to freed.

Use bad_fork_cancel_cgroup on error exit from futex_hash_allocate_default().

Affected Version(s)

Linux 7c4f75a21f636486d2969d9b6680403ea8483539

Linux 7c4f75a21f636486d2969d9b6680403ea8483539 < 4ec3c15462b9f44562f45723a92e2807746ba7d1

Linux 6.16

References

https://git.kernel.org/stable/c/f1635765cd0fdbf27b04d9a50...

https://git.kernel.org/stable/c/4ec3c15462b9f44562f45723a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Apr 16, 2025

JSON