What is CVE-2025-39977?

CVE-2025-39977 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.15 onward and patched in 6.1.155, 6.6.109, 6.12.50 and others. CVE-2025-39977 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-39977?

CVE-2025-39977 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-39977?

Yes, CVE-2025-39977 has been patched. Fixed versions include 6.1.155, 6.6.109, 6.12.50 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-39977 actively exploited?

CVE-2025-39977 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-39977

In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futex_wait_requeue_pi() futex_do_wait() schedule() futex_requeue() futex_proxy_trylock_atomic() futex_requeue_pi_prepare() requeue_pi_wake_futex() futex_requeue_pi_complete() /* preempt */ * timeout/ signal wakes T1 * futex_requeue_pi_wakeup_sync() // Q_REQUEUE_PI_LOCKED futex_hash_put() // back to userland, on stack futex_q is garbage /* back */ wake_up_state(q->task, TASK_NORMAL); In this scenario futex_wait_requeue_pi() is able to leave without using futex_q::lock_ptr for synchronization. This can be prevented by reading futex_q::task before updating the futex_q::requeue_state. A reference on the task_struct is not needed because requeue_pi_wake_futex() is invoked with a spinlock_t held which implies a RCU read section. Even if T1 terminates immediately after, the task_struct will remain valid during T2's wake_up_state(). A READ_ONCE on futex_q::task before futex_requeue_pi_complete() is enough because it ensures that the variable is read before the state is updated. Read futex_q::task before updating the requeue state, use it for the following wakeup.

Package Linux Kernel

Published 2025-10-15

Last modified 2026-05-12

Patch available

Yes

Affected versions

Linux kernel versions 5.15 and later are affected. Fixed in 6.1.155, 6.6.109, 6.12.50, 6.16.10, 6.17 and their respective stable series.

Affected from

≥ 5.15

Fixed in

✓ 6.1.155 6.1.x ✓ 6.6.109 6.6.x ✓ 6.12.50 6.12.x ✓ 6.16.10 6.16.x ✓ 6.17

References

The following references provide additional information about CVE-2025-39977 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Cert-Portal
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Kernel patch commit
https://git.kernel.org/stable/c/348736955ed6ca6e99ca24b93b1d3fbfe352c181
Patch
Kernel patch commit
https://git.kernel.org/stable/c/a170b9c0dde83312b8b58ccc91509c7c15711641
Patch
Kernel patch commit
https://git.kernel.org/stable/c/b549113738e8c751b613118032a724b772aa83f2
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-39977?

CVE-2025-39977 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.15 onward and has been patched in 6.1.155, 6.6.109, 6.12.50 and others. CVE-2025-39977 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-39977?

Yes — CVE-2025-39977 has been patched. Fixed versions include 6.1.155, 6.6.109, 6.12.50 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-39977 actively exploited?

No — CVE-2025-39977 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.