-
CVE-2025-39877
- EPSS 0.02%
- Published 23.09.2025 06:15:47
- Last modified 24.09.2025 18:11:24
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs: fix use-after-free in state_show()
state_show() reads kdamond->damon_ctx without holding damon_sysfs_lock.
This allows a use-after-free race:
CPU 0 CPU 1
----- -----
state_show() damon_sysfs_turn_damon_on()
ctx = kdamond->damon_ctx; mutex_lock(&damon_sysfs_lock);
damon_destroy_ctx(kdamond->damon_ctx);
kdamond->damon_ctx = NULL;
mutex_unlock(&damon_sysfs_lock);
damon_is_running(ctx); /* ctx is freed */
mutex_lock(&ctx->kdamond_lock); /* UAF */
(The race can also occur with damon_sysfs_kdamonds_rm_dirs() and
damon_sysfs_kdamond_release(), which free or replace the context under
damon_sysfs_lock.)
Fix by taking damon_sysfs_lock before dereferencing the context, mirroring
the locking used in pid_show().
The bug has existed since state_show() first accessed kdamond->damon_ctx.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
3858c44341ad49dc7544b19cc9f9ecffaa7cc50e
Version
a61ea561c87139992fe32afdee48a6f6b85d824a
Status
affected
Version <
60d7a3d2b985a395318faa1d88da6915fad11c19
Version
a61ea561c87139992fe32afdee48a6f6b85d824a
Status
affected
Version <
26d29b2ac87a2989071755f9828ebf839b560d4c
Version
a61ea561c87139992fe32afdee48a6f6b85d824a
Status
affected
Version <
4e87f461d61959647464a94d11ae15c011be58ce
Version
a61ea561c87139992fe32afdee48a6f6b85d824a
Status
affected
Version <
3260a3f0828e06f5f13fac69fb1999a6d60d9cff
Version
a61ea561c87139992fe32afdee48a6f6b85d824a
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
5.18
Status
affected
Version <
5.18
Version
0
Status
unaffected
Version <=
6.1.*
Version
6.1.153
Status
unaffected
Version <=
6.6.*
Version
6.6.107
Status
unaffected
Version <=
6.12.*
Version
6.12.48
Status
unaffected
Version <=
6.16.*
Version
6.16.8
Status
unaffected
Version <=
*
Version
6.17
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.049 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|