Wind River Support Network

Acknowledged

LIN1023-15451 : Security Advisory - linux - CVE-2025-39877

Created: Sep 23, 2025    Updated: Sep 25, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs: fix use-after-free in state_show()

state_show() reads kdamond->damon_ctx without holding damon_sysfs_lock.
This allows a use-after-free race:

CPU 0                         CPU 1
-----                         -----
state_show()                  damon_sysfs_turn_damon_on()
ctx = kdamond->damon_ctx;     mutex_lock(&damon_sysfs_lock);
                              damon_destroy_ctx(kdamond->damon_ctx);
                              kdamond->damon_ctx = NULL;
                              mutex_unlock(&damon_sysfs_lock);
damon_is_running(ctx);        /* ctx is freed */
mutex_lock(&ctx->kdamond_lock); /* UAF */

(The race can also occur with damon_sysfs_kdamonds_rm_dirs() and
damon_sysfs_kdamond_release(), which free or replace the context under
damon_sysfs_lock.)

Fix by taking damon_sysfs_lock before dereferencing the context, mirroring
the locking used in pid_show().

The bug has existed since state_show() first accessed kdamond->damon_ctx.
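
The locking rule described above, as an added userspace illustration (not the kernel patch and not Wind River code): the reader holds the outer lock from the pointer load through the last dereference while a writer frees and replaces the context. The names sysfs_lock, kd, swap_ctx, state_show_fixed and run_model are assumptions made for this model, built on pthreads.

```c
/* Userspace pthread model of the fix's locking rule; names are illustrative. */
#include <pthread.h>
#include <stdlib.h>
struct ctx { pthread_mutex_t kdamond_lock; int running; };
static struct { struct ctx *damon_ctx; } kd;
static pthread_mutex_t sysfs_lock = PTHREAD_MUTEX_INITIALIZER; /* models damon_sysfs_lock */

/* Writer: free or replace the context under sysfs_lock (mode 0 leaves NULL). */
static void swap_ctx(int mode) {
    pthread_mutex_lock(&sysfs_lock);
    if (kd.damon_ctx) {
        pthread_mutex_destroy(&kd.damon_ctx->kdamond_lock);
        free(kd.damon_ctx);
        kd.damon_ctx = NULL;
    }
    if (mode && (kd.damon_ctx = malloc(sizeof(struct ctx)))) {
        pthread_mutex_init(&kd.damon_ctx->kdamond_lock, NULL);
        kd.damon_ctx->running = mode - 1; /* 1 = stopped, 2 = running */
    }
    pthread_mutex_unlock(&sysfs_lock);
}

/* Reader: sysfs_lock is held from the pointer load to the last dereference. */
static int state_show_fixed(void) {
    int running = 0; /* no context reads as "off" */
    pthread_mutex_lock(&sysfs_lock);
    struct ctx *c = kd.damon_ctx;
    if (c) {
        pthread_mutex_lock(&c->kdamond_lock);
        running = c->running;
        pthread_mutex_unlock(&c->kdamond_lock);
    }
    pthread_mutex_unlock(&sysfs_lock);
    return running;
}

static void *writer(void *arg) {
    for (int i = 0; i < 20000; i++) swap_ctx(i % 3);
    return arg;
}
/* Race the writer against 20000 reads; returns reads outside {0, 1}. */
static int run_model(void) {
    pthread_t t; int bad = 0;
    if (pthread_create(&t, NULL, writer, NULL)) return -1;
    for (int i = 0; i < 20000; i++) bad += (unsigned)state_show_fixed() > 1;
    pthread_join(t, NULL);
    return bad;
}
int main(void) { return run_model() != 0; }
```

Moving the `kd.damon_ctx` load above the first `pthread_mutex_lock()` in the reader reproduces the ordering shown in the CPU 0 column; building the model with a sanitizer such as `-fsanitize=address` or `-fsanitize=thread` is a practical way to confirm which ordering is in effect.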