Use-After-Free Vulnerability in Linux Kernel Kernfs Component
CVE-2025-39881

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 23 September 2025

What is CVE-2025-39881?

A use-after-free vulnerability was discovered in the Linux kernel's kernfs component, affecting the polling mechanism used by Pressure Stall Information (PSI). The issue arises when an open file is released while it is still referenced by an ongoing polling operation. Specifically, in a race condition, disabling PSI monitoring frees the associated resources, which can lead to freed memory being accessed when monitoring is re-enabled. This can introduce instability and unexpected behavior in systems that rely on PSI for resource management. The vulnerability has been addressed by implementing a new function that properly manages open file references, ensuring that operations are not attempted on released descriptors.

Affected Version(s)

Linux 34f26a15611afb03c33df6819359d36f5b382589 < 34d9cafd469c69ad85e6a36b4303c78382cf5c79

Linux 34f26a15611afb03c33df6819359d36f5b382589 < 854baafc00c433cccbe0ab4231b77aeb9b637b77

Linux 34f26a15611afb03c33df6819359d36f5b382589 < 7e64474aba78d240f7804f48f2d454dcca78b15f

Timeline

  • Vulnerability published

  • Vulnerability Reserved
