CVE-2025-39999

NONE EPSS 7.7%
Published Oct 15, 20258mo ago · Modified Jun 17, 20262w ago
Find Similar
Published Oct 15, 2025 8mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix blk_mq_tags double free while nr_requests grown In the case user trigger tags grow by queue sysfs attribute nr_requests, hctx->sched_tags will be freed directly and replaced with a new allocated tags, see blk_mq_tag_update_depth(). The problem is that hctx->sched_tags is from elevator->et->tags, while et->tags is still the freed tags, hence later elevator exit will try to free the tags again, causing kernel panic. Fix this problem by replacing et->tags with new allocated tags as well. Noted there are still some long term problems that will require some refactor to be fixed thoroughly[1]. [1] https://lore.kernel.org/all/20250815080216.410665-1-yukuai1@huaweicloud.com/

Threat Intelligence

EPSS Exploit Probability
7.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 3

  • git.kernel.org https://git.kernel.org/stable/c/392b1d64911f4de8887fe8b68299fa8bd6e5b923
  • git.kernel.org https://git.kernel.org/stable/c/8faee580d63bc2a54a59dcdb7f9ce4de29384fec
  • git.kernel.org https://git.kernel.org/stable/c/ba28afbd9eff2a6370f23ef4e6a036ab0cfda409

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.