CVE-2025-39976: Improper Check or Handling of Exceptional Conditions in Linux

Severity: 4.5 MEDIUM (No vector)
EPSS: 0.0% (top 92.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 15

Description

In the Linux kernel, the following vulnerability has been resolved:

futex: Use correct exit on failure from futex_hash_allocate_default()

copy_process() uses the wrong error exit path from futex_hash_allocate_default(). After exiting from futex_hash_allocate_default(), neither tasklist_lock nor siglock has been acquired. The exit label bad_fork_core_free unlocks both of these locks which is wrong. The next exit label, bad_fork_cancel_cgroup, is the correct exit. sched_cgroup_fork() did not al
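The wrong-exit-label pattern described above, as an added example that is not kernel code: a simplified user-space model of the unwind ladder in which mock locks count unlock calls made while the lock is not held. The `mock_lock` type, `hash_allocate()`, `model_copy_process()` and its parameters are hypothetical; only the label and lock names come from the description.

```c
#include <stdio.h>

/* Mock lock: counts unlock calls made while the lock is not held. */
struct mock_lock { int held; int bad_unlocks; };
static void lock(struct mock_lock *l)   { l->held = 1; }
static void unlock(struct mock_lock *l) { if (l->held) l->held = 0; else l->bad_unlocks++; }

static struct mock_lock tasklist_lock, siglock;   /* names from the description */

/* Hypothetical stand-in for futex_hash_allocate_default(); fails on request. */
static int hash_allocate(int fail) { return fail ? -1 : 0; }

/*
 * fail_alloc: allocation fails, before any lock is taken.
 * fail_late:  a failure after both locks are taken.
 * fixed:      nonzero = allocation failure exits via bad_fork_cancel_cgroup.
 * Returns the number of unlock calls issued on locks that were not held.
 */
int model_copy_process(int fail_alloc, int fail_late, int fixed)
{
    tasklist_lock = (struct mock_lock){0};
    siglock = (struct mock_lock){0};

    if (hash_allocate(fail_alloc)) {
        if (fixed)
            goto bad_fork_cancel_cgroup;  /* correct: no locks held yet */
        goto bad_fork_core_free;          /* bug: this label assumes both locks are held */
    }
    lock(&tasklist_lock);
    lock(&siglock);
    if (fail_late)
        goto bad_fork_core_free;          /* legitimate user of this label */
    unlock(&siglock);
    unlock(&tasklist_lock);
    return 0;

bad_fork_core_free:
    unlock(&siglock);
    unlock(&tasklist_lock);
bad_fork_cancel_cgroup:
    /* the cgroup unwind would run here in the real function */
    return tasklist_lock.bad_unlocks + siglock.bad_unlocks;
}

int main(void)
{
    printf("wrong label, alloc fails: %d bad unlocks\n", model_copy_process(1, 0, 0));
    printf("fixed label, alloc fails: %d bad unlocks\n", model_copy_process(1, 0, 1));
    return 0;
}
```

In a real kernel the same imbalance is the kind of error that lock debugging (lockdep) reports as an unlock of a lock that is not held.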

Affected Packages (5 packages)

Linux | linux/linux_kernel | 6.16.0 | 6.16.10
Debian | linux/linux_kernel | < 6.16.10-1
CVEListV5 | linux/linux | 7c4f75a21f636486d2969d9b6680403ea8483539 | f1635765cd0fdbf27b04d9a50be91a01b5adda13 | +2
debian | debian/linux | < linux 6.16.10-1 (forky)

🔴 Vulnerability Details (3)

OSV
futex: Use correct exit on failure from futex_hash_allocate_default() (2025-10-15)
GHSA
GHSA-rgc5-qvp4-69x6: In the Linux kernel, the following vulnerability has been resolved: futex: Use correct exit on failure from futex_hash_allocate_default() copy_proce (2025-10-15)
OSV
CVE-2025-39976: In the Linux kernel, the following vulnerability has been resolved: futex: Use correct exit on failure from futex_hash_allocate_default() copy_process (2025-10-15)

📋 Vendor Advisories (3)

Red Hat
kernel: futex: Use correct exit on failure from futex_hash_allocate_default() (2025-10-15)
Debian
CVE-2025-39976: linux - In the Linux kernel, the following vulnerability has been resolved: futex: Use ... (2025)
Microsoft
log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. (2023-08-08)