CVE-2025-39914

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.14.0-rc5 and earlier

Description The Linux kernel tracing subsystem contained a flaw where a warning message was triggered during chunk allocation failures within the trace pid write function. This issue was identified through Syzkaller testing, which induced a fault injection leading to a warning during tracepoint addition. Specifically, the issue arises when a fault is injected during the allocation of memory for the trace pid list, potentially causing a double registration of the same tracepoint. This occurs when the system is under stress and does not necessarily indicate a crash, but the warning message was considered undesirable. The root cause is a lack of failure handling in the trace pid list set function.

Recommendations Update to a newer version of the Linux kernel that includes the fix for this issue.

Exploit

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

AZL-68034

BDU:2026-02384

CVE-2025-39914

DLA-4328-1

ECHO-FCDF-7898-0617

MGASA-2025-0309

MGASA-2025-0310

OESA-2025-2465

OESA-2025-2466

OESA-2025-2467

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-39914

Weakness Enumeration

Related Identifiers

Affected Products

References · 1463