Description
In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs: check contexts->nr in repeat_call_fn

damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(),
damon_sysfs_upd_schemes_stats(), and
damon_sysfs_upd_schemes_effective_quotas() without checking contexts->nr.
If nr_contexts is set to 0 via sysfs while DAMON is running, these
functions dereference contexts_arr[0] and cause a NULL pointer
dereference. Add the missing check.

For example, the issue can be reproduced using DAMON sysfs interface and
DAMON user-space tool (damo) [1] like below.

$ sudo damo start --refresh_interval 1s
$ echo 0 | sudo tee \
/sys/kernel/mm/damon/admin/kdamonds/0/contexts/nr_contexts
Published: 2026-04-22
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a NULL pointer dereference in the Linux kernel DAMON subsystem. When the number of contexts is set to zero through the sysfs interface while DAMON is active, internal functions dereference a NULL pointer and crash the kernel. This results in a system halt rather than arbitrary code execution.

Affected Systems

The flaw exists in any Linux kernel that includes the DAMON monitoring functionality. It affects installations where the sysfs settings for DAMON's context count are accessible and can be modified while DAMON is running. No specific affected version information is listed; the vulnerability applies to any kernel build that includes the DAMON subsystem.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The flaw is not listed in the CISA KEV catalog, implying no documented public exploits. The vulnerability is triggered by writing the value 0 to the /sys/kernel/mm/damon/.../nr_contexts sysfs attribute while DAMON is active; an attacker with root or equivalent local privileges can perform this manipulation, for example using the damo tool or direct sysfs writes. When nr_contexts is set to zero, internal functions dereference a NULL pointer, causing the kernel to crash and resulting in a denial-of-service condition for the affected system.

Generated by OpenCVE AI on May 5, 2026 at 22:23 UTC.
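
The missing check described above, as an added C illustration that is not kernel source and not part of the original advisory. It is a simplified user-space model: every struct and function name is a hypothetical stand-in, and the exact form of the upstream check is not shown on this page.

```c
/* Added illustration: simplified user-space model, not kernel source.
 * Every struct and function name below is a hypothetical stand-in. */
#include <stdio.h>
#include <stdlib.h>

struct ctx_model { unsigned long stat_updates; };
struct contexts_model {
    struct ctx_model *contexts_arr;   /* NULL whenever nr == 0 */
    int nr;
};

/* Models a write to nr_contexts: drop the old array, then build a new one. */
static int set_nr_contexts(struct contexts_model *c, int nr)
{
    free(c->contexts_arr);
    c->contexts_arr = NULL;
    c->nr = 0;
    if (nr <= 0)
        return nr < 0 ? -1 : 0;
    c->contexts_arr = calloc((size_t)nr, sizeof(*c->contexts_arr));
    if (!c->contexts_arr)
        return -1;
    c->nr = nr;
    return 0;
}

/* Pre-fix shape: assumes contexts_arr[0] exists; faults when nr == 0. */
static void repeat_call_unchecked(struct contexts_model *c)
{
    c->contexts_arr[0].stat_updates++;
}

/* Post-fix shape: skip the periodic update when no context is present. */
static int repeat_call_checked(struct contexts_model *c)
{
    if (c->nr < 1)
        return -1;
    c->contexts_arr[0].stat_updates++;
    return 0;
}

int main(void)
{
    struct contexts_model c = { NULL, 0 };
    set_nr_contexts(&c, 1);
    repeat_call_unchecked(&c);   /* safe only while nr == 1 */
    set_nr_contexts(&c, 0);      /* models: echo 0 > nr_contexts */
    printf("checked call with nr=0 returns %d\n", repeat_call_checked(&c));
    return 0;
}
```

The model shows why the guard belongs in the periodic callback itself: the count can change between two invocations, so each invocation has to re-read it before indexing the array.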

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an updated kernel that includes the contexts->nr check in damon_sysfs_repeat_call_fn().
  • Disable or stop DAMON before modifying its sysfs context settings.
  • Restrict write access to /sys/kernel/mm/damon/* to trusted administrators only.

Advisories

No advisories yet.

History

Tue, 05 May 2026 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Wed, 29 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-690

Thu, 23 Apr 2026 00:15:00 +0000


Wed, 22 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-690

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr in repeat_call_fn damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(), damon_sysfs_upd_schemes_stats(), and damon_sysfs_upd_schemes_effective_quotas() without checking contexts->nr. If nr_contexts is set to 0 via sysfs while DAMON is running, these functions dereference contexts_arr[0] and cause a NULL pointer dereference. Add the missing check. For example, the issue can be reproduced using DAMON sysfs interface and DAMON user-space tool (damo) [1] like below. $ sudo damo start --refresh_interval 1s $ echo 0 | sudo tee \ /sys/kernel/mm/damon/admin/kdamonds/0/contexts/nr_contexts
Title mm/damon/sysfs: check contexts->nr in repeat_call_fn
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:09:05.878Z

Reserved: 2026-03-09T15:48:24.092Z

Link: CVE-2026-31457

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-22T14:16:41.133

Modified: 2026-05-05T21:21:50.320

Link: CVE-2026-31457

Redhat

Severity :

Public Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31457 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-05T22:30:33Z

Weaknesses