-

CVE-2025-39877

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs: fix use-after-free in state_show()

state_show() reads kdamond->damon_ctx without holding damon_sysfs_lock. 
This allows a use-after-free race:

CPU 0                         CPU 1
-----                         -----
state_show()                  damon_sysfs_turn_damon_on()
ctx = kdamond->damon_ctx;     mutex_lock(&damon_sysfs_lock);
                              damon_destroy_ctx(kdamond->damon_ctx);
                              kdamond->damon_ctx = NULL;
                              mutex_unlock(&damon_sysfs_lock);
damon_is_running(ctx);        /* ctx is freed */
mutex_lock(&ctx->kdamond_lock); /* UAF */

(The race can also occur with damon_sysfs_kdamonds_rm_dirs() and
damon_sysfs_kdamond_release(), which free or replace the context under
damon_sysfs_lock.)

Fix by taking damon_sysfs_lock before dereferencing the context, mirroring
the locking used in pid_show().

The bug has existed since state_show() first accessed kdamond->damon_ctx.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 3858c44341ad49dc7544b19cc9f9ecffaa7cc50e
Version a61ea561c87139992fe32afdee48a6f6b85d824a
Status affected
Version < 60d7a3d2b985a395318faa1d88da6915fad11c19
Version a61ea561c87139992fe32afdee48a6f6b85d824a
Status affected
Version < 26d29b2ac87a2989071755f9828ebf839b560d4c
Version a61ea561c87139992fe32afdee48a6f6b85d824a
Status affected
Version < 4e87f461d61959647464a94d11ae15c011be58ce
Version a61ea561c87139992fe32afdee48a6f6b85d824a
Status affected
Version < 3260a3f0828e06f5f13fac69fb1999a6d60d9cff
Version a61ea561c87139992fe32afdee48a6f6b85d824a
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.18
Status affected
Version < 5.18
Version 0
Status unaffected
Version <= 6.1.*
Version 6.1.153
Status unaffected
Version <= 6.6.*
Version 6.6.107
Status unaffected
Version <= 6.12.*
Version 6.12.48
Status unaffected
Version <= 6.16.*
Version 6.16.8
Status unaffected
Version <= *
Version 6.17
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.049
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String