Description
In the Linux kernel, the following vulnerability has been resolved:

cgroup/dmem: fix NULL pointer dereference when setting max

An issue was triggered:

BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: Oops: 0000 [#1] SMP NOPTI
CPU: 15 UID: 0 PID: 658 Comm: bash Tainted: 6.19.0-rc6-next-2026012
Tainted: [O]=OOT_MODULE
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
RIP: 0010:strcmp+0x10/0x30
RSP: 0018:ffffc900017f7dc0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888107cd4358
RDX: 0000000019f73907 RSI: ffffffff82cc381a RDI: 0000000000000000
RBP: ffff8881016bef0d R08: 000000006c0e7145 R09: 0000000056c0e714
R10: 0000000000000001 R11: ffff888107cd4358 R12: 0007ffffffffffff
R13: ffff888101399200 R14: ffff888100fcb360 R15: 0007ffffffffffff
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000105c79000 CR4: 00000000000006f0
Call Trace:
<TASK>
dmemcg_limit_write.constprop.0+0x16d/0x390
? __pfx_set_resource_max+0x10/0x10
kernfs_fop_write_iter+0x14e/0x200
vfs_write+0x367/0x510
ksys_write+0x66/0xe0
do_syscall_64+0x6b/0x390
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f42697e1887

It was trriggered setting max without limitation, the command is like:
"echo test/region0 > dmem.max". To fix this issue, add check whether
options is valid after parsing the region_name.
Published: 2026-02-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel Crash (Denial of Service)
Action: Apply Patch
AI Analysis

Impact

The flaw is a null pointer dereference that occurs in the Linux kernel’s cgroup/dmem subsystem when an administrator writes to the dmem.max file without specifying a resource limit. The kernel then crashes into an Oops state, causing a kernel panic that renders the host system unavailable. This vulnerability does not grant code execution or privilege escalation on its own; its primary consequence is an availability loss for the affected machine.

Affected Systems

All Linux kernel builds that implement the cgroup/dmem interface and lack the recent patch are vulnerable. The issue was observed in a 6.19.0-rc6-next build and is addressed in newer releases of the kernel. Distributions shipping kernel versions preceding the fix remain at risk regardless of other configuration settings.

Risk and Exploitability

With a CVSS score of 5.5 the engineering severity is moderate. An EPSS score of less than 1% indicates that the likelihood of real-world exploitation is currently extremely low, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is inferred from the description: local access with the ability to write to /sys/fs/cgroup/dmem/dmem.max, typically requiring root or privileged access. When written to without a limit, the kernel panics, but no further compromise is possible beyond the denial of service.

Generated by OpenCVE AI on April 18, 2026 at 12:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes the null‑pointer check added to dmemcg_limit_write; the commit that resolves the issue is in releases newer than the 6.19.0‑rc6‑next build.
  • If a kernel upgrade cannot be performed immediately, revoke write permissions on /sys/fs/cgroup/dmem/dmem.max for non‑privileged users or enforce tighter ACLs so that only trusted accounts can modify the file.
  • Do not write to dmem.max without specifying a non‑zero limit; specifying an explicit resource quota prevents the null pointer dereference from being triggered.

Generated by OpenCVE AI on April 18, 2026 at 12:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Tue, 17 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Sat, 14 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: fix NULL pointer dereference when setting max An issue was triggered: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 15 UID: 0 PID: 658 Comm: bash Tainted: 6.19.0-rc6-next-2026012 Tainted: [O]=OOT_MODULE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), RIP: 0010:strcmp+0x10/0x30 RSP: 0018:ffffc900017f7dc0 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888107cd4358 RDX: 0000000019f73907 RSI: ffffffff82cc381a RDI: 0000000000000000 RBP: ffff8881016bef0d R08: 000000006c0e7145 R09: 0000000056c0e714 R10: 0000000000000001 R11: ffff888107cd4358 R12: 0007ffffffffffff R13: ffff888101399200 R14: ffff888100fcb360 R15: 0007ffffffffffff CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000105c79000 CR4: 00000000000006f0 Call Trace: <TASK> dmemcg_limit_write.constprop.0+0x16d/0x390 ? __pfx_set_resource_max+0x10/0x10 kernfs_fop_write_iter+0x14e/0x200 vfs_write+0x367/0x510 ksys_write+0x66/0xe0 do_syscall_64+0x6b/0x390 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f42697e1887 It was trriggered setting max without limitation, the command is like: "echo test/region0 > dmem.max". To fix this issue, add check whether options is valid after parsing the region_name.
Title cgroup/dmem: fix NULL pointer dereference when setting max
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T16:27:13.482Z

Reserved: 2026-01-13T15:37:45.984Z

Link: CVE-2026-23183

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-02-14T17:15:56.067

Modified: 2026-04-15T14:34:27.800

Link: CVE-2026-23183

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23183 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T12:15:15Z

Weaknesses