CVE-2026-31652

EPSS 0.01%
Veröffentlicht 24.04.2026 14:45:04
Zuletzt bearbeitet 27.04.2026 20:16:12
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

mm/damon/stat: deallocate damon_call() failure leaking damon_ctx

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/stat: deallocate damon_call() failure leaking damon_ctx

damon_stat_start() always allocates the module's damon_ctx object
(damon_stat_context).  Meanwhile, if damon_call() in the function fails,
the damon_ctx object is not deallocated.  Hence, if the damon_call() is
failed, and the user writes Y to “enabled” again, the previously
allocated damon_ctx object is leaked.

This cannot simply be fixed by deallocating the damon_ctx object when
damon_call() fails.  That's because damon_call() failure doesn't guarantee
the kdamond main function, which accesses the damon_ctx object, is
completely finished.  In other words, if damon_stat_start() deallocates
the damon_ctx object after damon_call() failure, the not-yet-terminated
kdamond could access the freed memory (use-after-free).

Fix the leak while avoiding the use-after-free by keeping returning
damon_stat_start() without deallocating the damon_ctx object after
damon_call() failure, but deallocating it when the function is invoked
again and the kdamond is completely terminated.  If the kdamond is not yet
terminated, simply return -EAGAIN, as the kdamond will soon be terminated.

The issue was discovered [1] by sashiko.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 10 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.17.1 < 6.18.23

Linux ≫ Linux Kernel Version >= 6.19 < 6.19.13

Linux ≫ Linux Kernel Version6.17 Update-

Linux ≫ Linux Kernel Version7.0 Updaterc1

Linux ≫ Linux Kernel Version7.0 Updaterc2

Linux ≫ Linux Kernel Version7.0 Updaterc3

Linux ≫ Linux Kernel Version7.0 Updaterc4

Linux ≫ Linux Kernel Version7.0 Updaterc5

Linux ≫ Linux Kernel Version7.0 Updaterc6

Linux ≫ Linux Kernel Version7.0 Updaterc7

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.022

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/447f8870b484f6596d7a7130e72bd0a3f1e037bb

Patch

https://git.kernel.org/stable/c/16c92e9bf55fa049ddb5e894dc0623dacd46a620

Patch

https://git.kernel.org/stable/c/4c04c6b47c361612b1d70cec8f7a60b1482d1400

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-31652

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31652

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31652

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-31652