What is the severity of CVE-2025-39999?

CVE-2025-39999 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2025-39999?

No known public exploits are currently available for CVE-2025-39999.

Is there a patch available for CVE-2025-39999?

Yes, patches are available for CVE-2025-39999. Check the vendor advisories for update instructions.

CVE-2025-39999 - CVE Details, Severity, and Analysis

Severity Scores

CVSS v30.0

CVSS v20.0

Priority Score0.0

EPSS Score0.0

None

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

0.0

CVSS

No

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

In the Linux kernel, the following vulnerability has been resolved:

blk-mq: fix blk_mq_tags double free while nr_requests grown

In the case user trigger tags grow by queue sysfs attribute nr_requests, hctx->sched_tags will be freed directly and replaced with a new allocated tags, see blk_mq_tag_update_depth().

The problem is that hctx->sched_tags is from elevator->et->tags, while et->tags is still the freed tags, hence later elevator exit will try to free the tags again, causing kernel panic.

Fix this problem by replacing et->tags with new allocated tags as well.

Noted there are still some long term problems that will require some refactor to be fixed thoroughly[1].

[1] https://lore.kernel.org/all/[email protected]/

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-