Linux Kernel Vulnerability Affecting Block Layer Operations
CVE-2025-39999

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-39999?

A vulnerability in the Linux kernel's block layer management can lead to a double free scenario when the number of request tags increases. Specifically, the issue arises in the blk-mq implementation where the scheduled tags management can lead to a kernel panic if not correctly handled. When users modify the 'nr_requests' sysfs attribute, it inadvertently frees the current allocated tags while mismanaging the pointers, creating a risk of two free operations on the same memory. A fix has been implemented to ensure proper allocation and management of tags, yet some underlying challenges may require future refactoring for a comprehensive resolution.

Affected Version(s)

Linux 58567d8e95c096ad234963df90a2ca518901f4b6 < 8faee580d63bc2a54a59dcdb7f9ce4de29384fec

Linux f5a6604f7a4405450e4a1f54e5430f47290c500f < 392b1d64911f4de8887fe8b68299fa8bd6e5b923

Linux f5a6604f7a4405450e4a1f54e5430f47290c500f

References

https://git.kernel.org/stable/c/8faee580d63bc2a54a59dcdb7...

https://git.kernel.org/stable/c/392b1d64911f4de8887fe8b68...

https://git.kernel.org/stable/c/ba28afbd9eff2a6370f23ef4e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Apr 16, 2025

JSON