Use-After-Free Vulnerability in Linux Kernel Affects Multiple Configurations
CVE-2025-39877

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 23 September 2025

What is CVE-2025-39877?

A use-after-free vulnerability exists in the Linux kernel's handling of the state_show() function, specifically in its interaction with the kdamond->damon_ctx. When state_show() accesses this context without proper locking through damon_sysfs_lock, a race condition can occur, leading to potential exploitation and system instability. The context may be freed by another CPU while being accessed, resulting in undefined behavior and security risks. This issue has been present since the initial implementation of state_show() and has been rectified by enforcing proper locking mechanisms before dereferencing the context, ensuring that the integrity of the system is maintained.

Affected Version(s)

Linux a61ea561c87139992fe32afdee48a6f6b85d824a < 3858c44341ad49dc7544b19cc9f9ecffaa7cc50e

Linux a61ea561c87139992fe32afdee48a6f6b85d824a < 60d7a3d2b985a395318faa1d88da6915fad11c19

Linux a61ea561c87139992fe32afdee48a6f6b85d824a < 26d29b2ac87a2989071755f9828ebf839b560d4c

References

https://git.kernel.org/stable/c/3858c44341ad49dc7544b19cc...

https://git.kernel.org/stable/c/60d7a3d2b985a395318faa1d8...

https://git.kernel.org/stable/c/26d29b2ac87a2989071755f98...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Apr 16, 2025

JSON