CVE-2025-39999

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s block management queue (blk-mq) subsystem related to double freeing of memory associated with request tags when the number of requests grows. Specifically, when a user triggers an increase in tags via the nr requests queue sysfs attribute, the hctx->sched tags structure is freed and replaced with newly allocated tags. However, the original et->tags still points to the freed memory, leading to a double free during elevator exit, potentially causing a kernel panic. The fix involves replacing both hctx->sched tags and et->tags with new allocated tags. The issue is noted to have long-term problems that require refactoring for a thorough fix.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.