CVE-2025-39914

5.5 MEDIUM

📋 TL;DR

This is a double-free vulnerability in the Linux kernel's tracing subsystem where fault injection during memory allocation can cause the same tracepoint to be registered twice, leading to a kernel warning. It affects Linux systems with kernel tracing enabled and requires local access to trigger. The vulnerability is triggered through specific sequences of writes to trace event PID files.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Kernel versions up to and including 6.14.0-rc5
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when kernel tracing is enabled and users have access to trace event PID files (/sys/kernel/tracing/set_event_pid, /sys/kernel/tracing/set_event_notrace_pid).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash due to memory corruption from double-free condition, potentially causing denial of service.

🟠

Likely Case

Kernel warning message in logs and potential system instability, but full exploitation requires specific fault injection conditions.

🟢

If Mitigated

Minor performance impact from warning messages; system remains stable with proper memory management.

🌐 Internet-Facing: LOW - Requires local access to trigger through specific trace file operations.
🏢 Internal Only: MEDIUM - Local users with access to trace files could potentially cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires specific fault injection during memory allocation and a precise sequence of operations on trace files. Discovered through syzkaller fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commit 1262bda871dace8c6efae25f3b6a2d34f6f06d54 and backported to stable branches

Vendor Advisory: https://git.kernel.org/stable/c/1262bda871dace8c6efae25f3b6a2d34f6f06d54

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing fix commit 1262bda871dace8c6efae25f3b6a2d34f6f06d54 or later.
2. Reboot the system to load the new kernel.
3. Verify the kernel version with 'uname -r'.

🔧 Temporary Workarounds

Disable kernel tracing

linux

Disable the kernel tracing subsystem to prevent access to vulnerable trace files

echo 0 > /sys/kernel/tracing/tracing_on
chmod 000 /sys/kernel/tracing/set_event_pid
chmod 000 /sys/kernel/tracing/set_event_notrace_pid

Restrict trace file access

linux

Limit access to trace PID files to privileged users only

chmod 600 /sys/kernel/tracing/set_event_pid
chmod 600 /sys/kernel/tracing/set_event_notrace_pid

🧯 If You Can't Patch

  • Restrict access to /sys/kernel/tracing directory to root only using filesystem permissions
  • Disable kernel tracing features through kernel boot parameters (trace_event=off)

🔍 How to Verify

Check if Vulnerable:

Check kernel version with 'uname -r' and compare against affected versions (<= 6.14.0-rc5). Check if /sys/kernel/tracing/set_event_pid exists and is accessible.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version contains fix commit with 'cat /proc/version' or check kernel source for commit 1262bda871dace8c6efae25f3b6a2d34f6f06d54.

📡 Detection & Monitoring

Log Indicators:

  • Kernel warning messages containing 'tracepoint_add_func' or 'double register sched_switch tracepoint'
  • System logs showing fault injection warnings related to trace_pid_write

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("tracepoint_add_func" OR "double register" OR "trace_pid_write")
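The "How to Verify" and "Detection & Monitoring" steps above, combined into one triage script. This is an added example, not code from the advisory or from the kernel project; it assumes the tracefs paths, the "<= 6.14.0-rc5" range and the log indicator strings stated on this page, and the kernel log lines it scans are constructed samples.

```shell
#!/bin/sh
# Added triage helper for CVE-2025-39914, not from the advisory or the kernel
# project. It assumes the tracefs paths, the "<= 6.14.0-rc5" range and the log
# indicators stated above; the sample log lines are constructed, not real output.

# kernel_in_affected_range VERSION: succeed if a uname -r style VERSION is
# <= 6.14.0-rc5. Distro kernels may carry the backported fix at a lower version
# number, so treat this as a first-pass screen, not a verdict.
kernel_in_affected_range() {
    base=${1%%-*}                       # "6.14.0-rc5-custom" -> "6.14.0"
    major=${base%%.*}; rest=${base#*.}; minor=${rest%%.*}
    case $1 in *-rc*) rc=${1#*-rc}; rc=${rc%%[!0-9]*} ;; *) rc= ;; esac
    [ "$major" -lt 6 ] && return 0
    [ "$major" -gt 6 ] && return 1
    [ "$minor" -lt 14 ] && return 0
    [ "$minor" -gt 14 ] && return 1
    [ -n "$rc" ] && [ "$rc" -le 5 ]     # 6.14: only rc1..rc5 are in the range
}

# count_indicators: read kernel log lines on stdin and print how many carry the
# advisory's indicators (the same terms as the SIEM query).
count_indicators() {
    grep -Ec 'tracepoint_add_func|double register|trace_pid_write' || true
}

# world_writable_pid_files DIR: print the PID-filter files under DIR that any
# local user can write to, i.e. the exposure the chmod workarounds close.
world_writable_pid_files() {
    for f in "$1"/set_event_pid "$1"/set_event_notrace_pid; do
        [ -e "$f" ] && [ -n "$(find "$f" -perm -002)" ] && echo "$f"
    done
    return 0
}

# Constructed sample log (NOT real kernel output): two indicator lines, one noise line.
sample_log() {
    cat <<'EOF'
[  120.004311] WARNING: CPU: 1 PID: 1234 at tracepoint_add_func+0x0/0x0
[  120.004320] double register sched_switch tracepoint
[  121.000000] usb 1-1: new high-speed USB device number 3 using xhci_hcd
EOF
}

# Read-only demo against the sample and the running host.
printf 'indicator lines in sample log: %s\n' "$(sample_log | count_indicators)"
if kernel_in_affected_range "$(uname -r)"; then
    echo "$(uname -r): in the affected range, confirm whether the fix is backported"
fi
world_writable_pid_files /sys/kernel/tracing
```

To scan a real host, pipe `dmesg` or `journalctl -k` into `count_indicators` instead of `sample_log`.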
