VYPR
Unrated severity · NVD Advisory · Published Oct 15, 2025 · Updated Apr 15, 2026

CVE-2025-39976

Description

In the Linux kernel, the following vulnerability has been resolved:

futex: Use correct exit on failure from futex_hash_allocate_default()

copy_process() uses the wrong error exit path from futex_hash_allocate_default(). After exiting from futex_hash_allocate_default(), neither tasklist_lock nor siglock has been acquired. The exit label bad_fork_core_free unlocks both of these locks which is wrong.

The next exit label, bad_fork_cancel_cgroup, is the correct exit. sched_cgroup_fork() did not allocate any resources that need to be freed.

Use bad_fork_cancel_cgroup on error exit from futex_hash_allocate_default().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel, copy_process() uses the wrong exit label when futex_hash_allocate_default() fails, so locks that were never acquired get unlocked.

In the Linux kernel, a vulnerability was found in the futex subsystem's hash allocation function. The function futex_hash_allocate_default() is called during process creation in copy_process(). If this function fails, the error path incorrectly jumps to the bad_fork_core_free label, which attempts to release tasklist_lock and siglock. However, these locks have not been acquired at that point in the code, leading to a lock imbalance.

The bug is a classic error-handling mistake. The correct exit label is bad_fork_cancel_cgroup, because sched_cgroup_fork() did not allocate any resources that need to be freed. Using that label skips the lock releases, which were intended for a different stage.

The impact of this bug is potential system instability. An attacker who can cause a failure in futex_hash_allocate_default(), for example by exhausting memory, could trigger the incorrect error path, resulting in a kernel lock inversion or crash. This could lead to a denial of service condition.

The issue has been fixed in the Linux kernel with the referenced commit. Users are advised to update to a patched kernel version.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
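The exit-label mix-up described above, as an added userspace model (not kernel source and not part of the advisory). The `model_*` names, the `fail_at` enum and the `FAIL_AFTER_LOCKS` failure point are assumptions made for illustration; only the label, lock and function names in the comments come from the description.

```c
/* Added example: simplified userspace model of the error ladder, not kernel code. */
#include <stdio.h>

struct model_lock { int held; int bad_unlocks; };
static void model_lock_acquire(struct model_lock *l) { l->held = 1; }

/* Count an unlock of a lock that is not held instead of corrupting state. */
static void model_lock_release(struct model_lock *l)
{
    if (!l->held)
        l->bad_unlocks++;
    l->held = 0;
}

enum fail_at { FAIL_NONE, FAIL_FUTEX_HASH, FAIL_AFTER_LOCKS };

/* Returns how many unlock calls hit a lock that was not held. */
int model_copy_process(enum fail_at fail, int use_fixed_label)
{
    struct model_lock tasklist_lock = {0, 0}, siglock = {0, 0};

    /* sched_cgroup_fork() stand-in: allocates nothing that needs freeing */
    if (fail == FAIL_FUTEX_HASH) {        /* futex_hash_allocate_default() failed */
        if (use_fixed_label)
            goto bad_fork_cancel_cgroup;  /* fixed: no locks are held yet */
        goto bad_fork_core_free;          /* buggy: the unlocks below still run */
    }

    model_lock_acquire(&tasklist_lock);
    model_lock_acquire(&siglock);
    if (fail == FAIL_AFTER_LOCKS)         /* hypothetical later failure point */
        goto bad_fork_core_free;          /* correct here: both locks are held */

    model_lock_release(&siglock);
    model_lock_release(&tasklist_lock);
    return 0;

bad_fork_core_free:
    model_lock_release(&siglock);
    model_lock_release(&tasklist_lock);
bad_fork_cancel_cgroup:
    return tasklist_lock.bad_unlocks + siglock.bad_unlocks;
}

int main(void)
{
    printf("buggy label: %d bad unlocks\n", model_copy_process(FAIL_FUTEX_HASH, 0));
    printf("fixed label: %d bad unlocks\n", model_copy_process(FAIL_FUTEX_HASH, 1));
    return 0;
}
```

When auditing goto-based cleanup ladders, check each jump against the set of locks and resources actually held at that point, since labels lower in the ladder must only undo work done before the jump.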
