2 matches found
CVE-2025-39999 blk-mq: fix blk_mq_tags double free while nr_requests grown
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix blkmqtags double free while nrrequests grown In the case user trigger tags grow by queue sysfs attribute nrrequests, hctx-schedtags will be freed directly and replaced with a new allocated tags, see blkmqtagupdatedept...
CVE-2025-39999
The CVE-2025-39999 issue affects the Linux kernel’s blk-mq path, where tags growth via the sysfs nr_requests attribute can lead to a double free: hctx->sched_tags is freed while et->tags (the allocated tags) has already been freed, risking a kernel panic during elevator exit. The documented...