CVE-2025-39877

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs: fix use-after-free in state_show()

stateshow() reads kdamond->damonctx without holding damonsysfslock. This allows a use-after-free race:

CPU 0 CPU 1 ----- ----- stateshow() damonsysfsturndamonon() ctx = kdamond->damonctx; mutexlock(&damonsysfslock); damondestroyctx(kdamond->damonctx); kdamond->damonctx = NULL; mutexunlock(&damonsysfslock); damonisrunning(ctx); /* ctx is freed / mutexlock(&ctx->kdamondlock); / UAF */

(The race can also occur with damonsysfskdamondsrmdirs() and damonsysfskdamondrelease(), which free or replace the context under damonsysfs_lock.)

Fix by taking damonsysfslock before dereferencing the context, mirroring the locking used in pid_show().

The bug has existed since stateshow() first accessed kdamond->damonctx.