PT-2025-39138 · Linux · Linux Kernel

Published: 2025-08-22 · Updated: 2026-05-07 · CVE-2025-39881

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A use-after-free (UAF) issue exists in the PSI (Pressure Stall Information) monitoring mechanism of the Linux kernel. A file descriptor is accessed after it has been freed during polling operations related to cgroup pressure monitoring. The race occurs when cgroup pressure monitoring (cgroup.pressure) is disabled and then re-enabled after epoll monitoring has been established: disabling the monitoring releases the PSI triggers and frees the associated memory, while re-enabling it attempts to access the freed memory, leading to a UAF condition. The vulnerability is triggered through interactions with the kernfs file system and involves the functions cgroup_file_release(), kernfs_drain_open_files(), kernfs_get_active(), psi_trigger_poll(), and cgroup_pressure_poll(). The issue is reproducible by opening test/cpu.pressure, establishing epoll monitoring, disabling monitoring, and then re-enabling it. The root cause is the lack of proper reference counting for kernfs open files, which allows access to freed memory.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:19469
AZL-67637
BDU:2025-13884
CVE-2025-39881
DLA-4328-1
ECHO-2EC8-E465-DC83
INFSA-2025_21469
MGASA-2025-0309
MGASA-2025-0310
OPENSUSE-SU-2025:20091-1
RHSA-2025:21118
RHSA-2025_21469
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:21080-1
SUSE-SU-2025:21147-1
SUSE-SU-2025:21180-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4301-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
Red Hat
SUSE
Ubuntu