PT-2025-36292 · Linux+8 · Linux Kernel+8

Redress · Published 2025-08-21 · Updated 2026-04-20 · CVE-2025-39698

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The io_futex_wait() function in the Linux kernel does not properly clean up resources on failure. Specifically, the io_futex_data is allocated but the corresponding flag indicating its validity is not always set, and the data is not cleared in the error path after being freed. This can lead to issues with resource management. The issue was reported by Trend Micro Zero Day Initiative and ReDress.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

LPE

Allocation of Resources Without Limits

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:16880
ALSA-2025:16904
BDU:2025-12706
CVE-2025-39698
DSA-6008-1
INFSA-2025_16880
LSN-0118-1
OPENSUSE-SU-2025:20081-1
RHSA-2025_16880
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2026:20635-1
SUSE-SU-2026:20644-1
SUSE-SU-2026:20645-1
USN-8015-1
USN-8015-2
USN-8015-3
USN-8015-4
USN-8015-5
USN-8016-1
USN-8052-1
USN-8074-1
USN-8074-2
USN-8126-1
ZDI-25-915

Affected Products

Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu