Home

Description

In the Linux kernel, the following vulnerability has been resolved: futex: Use correct exit on failure from futex_hash_allocate_default() copy_process() uses the wrong error exit path from futex_hash_allocate_default(). After exiting from futex_hash_allocate_default(), neither tasklist_lock nor siglock has been acquired. The exit label bad_fork_core_free unlocks both of these locks which is wrong. The next exit label, bad_fork_cancel_cgroup, is the correct exit. sched_cgroup_fork() did not allocate any resources that need to freed. Use bad_fork_cancel_cgroup on error exit from futex_hash_allocate_default().

PUBLISHED Reserved 2025-04-16 | Published 2025-10-15 | Updated 2025-10-15 | Assigner Linux

Product status

Default status
unaffected

7c4f75a21f636486d2969d9b6680403ea8483539 before f1635765cd0fdbf27b04d9a50be91a01b5adda13
affected

7c4f75a21f636486d2969d9b6680403ea8483539 before 4ec3c15462b9f44562f45723a92e2807746ba7d1
affected

Default status
affected

6.16
affected

Any version before 6.16
unaffected

6.16.10
unaffected

6.17
unaffected

References

git.kernel.org/...c/f1635765cd0fdbf27b04d9a50be91a01b5adda13

git.kernel.org/...c/4ec3c15462b9f44562f45723a92e2807746ba7d1

cve.org (CVE-2025-39976)

nvd.nist.gov (CVE-2025-39976)

Download JSON