DEBIAN-CVE-2025-39976
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-39976
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-39976.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-39976
- Upstream
- Published
- 2025-10-15T08:15:35.400Z
- Modified
- 2025-11-20T10:18:18.868108Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: futex: Use correct exit on failure from futexhashallocatedefault() copyprocess() uses the wrong error exit path from futexhashallocatedefault(). After exiting from futexhashallocatedefault(), neither tasklistlock nor siglock has been acquired. The exit label badforkcorefree unlocks both of these locks which is wrong. The next exit label, badforkcancelcgroup, is the correct exit. schedcgroupfork() did not allocate any resources that need to freed. Use badforkcancelcgroup on error exit from futexhashallocate_default().
- References
Affected packages
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.16.10-1
Affected versions
6.*
6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1
6.12.43-1
6.12.48-1
6.12.57-1~bpo12+1
6.12.57-1
6.13~rc6-1~exp1
6.13~rc7-1~exp1
6.13.2-1~exp1
6.13.3-1~exp1
6.13.4-1~exp1
6.13.5-1~exp1
6.13.6-1~exp1
6.13.7-1~exp1
6.13.8-1~exp1
6.13.9-1~exp1
6.13.10-1~exp1
6.13.11-1~exp1
6.14.3-1~exp1
6.14.5-1~exp1
6.14.6-1~exp1
6.15~rc7-1~exp1
6.15-1~exp1
6.15.1-1~exp1
6.15.2-1~exp1
6.15.3-1~exp1
6.15.4-1~exp1
6.15.5-1~exp1
6.15.6-1~exp1
6.16~rc7-1~exp1
6.16-1~exp1
6.16.1-1~exp1
6.16.3-1~bpo13+1
6.16.3-1
6.16.5-1
6.16.6-1
6.16.7-1
6.16.8-1
6.16.9-1