CVE-2025-39877

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free condition within the state show() function in the mm/damon/sysfs module. The function reads kdamond->damon ctx without acquiring the damon sysfs lock, creating a race condition where the context can be freed by another process while state show() is still accessing it. This can occur when damon sysfs turn damon on(), damon sysfs kdamonds rm dirs(), or damon sysfs kdamond release() free or replace the context under the damon sysfs lock. The issue arises from dereferencing the context before ensuring it remains valid. The vulnerable function is state show().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-13886

CVE-2025-39877

DLA-4328-1

ECHO-C8FC-AECD-E3B9

MGASA-2025-0309

MGASA-2025-0310

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2025-39877

Weakness Enumeration

Related Identifiers

Affected Products

References · 2684