Description
In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure

Patch series "mm/damon/sysfs: fix memory leak and NULL dereference
issues", v4.

DAMON_SYSFS can leak memory under allocation failure, and do NULL pointer
dereference when a privileged user make wrong sequences of control. Fix
those.


This patch (of 3):

When damon_sysfs_new_test_ctx() fails in damon_sysfs_commit_input(),
param_ctx is leaked because the early return skips the cleanup at the out
label. Destroy param_ctx before returning.
Published: 2026-04-22
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The flaw in the Linux kernel’s DAMON subsystem causes a param_ctx allocation to leak when damon_sysfs_new_test_ctx() fails and can trigger a NULL pointer dereference if a privileged user performs an incorrect sequence of sysfs operations. This results in memory exhaustion or a kernel crash, potentially leading to denial of service.

Affected Systems

The vulnerability affects all Linux kernel configurations that expose the DAMON sysfs interface. No specific kernel version range is listed, but the patch is part of the v4 series and applies to any release containing the offending code before the fix.

Risk and Exploitability

The EPSS score is unavailable and the issue is not listed in the CISA KEV catalog, indicating no known public exploits. Nonetheless, the defect can be abused by a local privileged user to trigger memory exhaustion or a crash. The lack of publicly available exploit code lowers the immediate risk, but the potential for system downtime warrants prompt remediation. The likely attack vector is a privileged local user manipulating the DAMON sysfs interface.

Generated by OpenCVE AI on April 22, 2026 at 19:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch v4 that cleans up param_ctx and fixes the NULL dereference.
  • Reboot or reload the kernel to ensure the updated code is active.
  • If patching cannot be performed immediately, restrict or disable the DAMON sysfs interface on systems where it is not required, or limit its access to non‑privileged users.

Generated by OpenCVE AI on April 22, 2026 at 19:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
References

Wed, 22 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CWE-476

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure Patch series "mm/damon/sysfs: fix memory leak and NULL dereference issues", v4. DAMON_SYSFS can leak memory under allocation failure, and do NULL pointer dereference when a privileged user make wrong sequences of control. Fix those. This patch (of 3): When damon_sysfs_new_test_ctx() fails in damon_sysfs_commit_input(), param_ctx is leaked because the early return skips the cleanup at the out label. Destroy param_ctx before returning.
Title mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-22T13:53:51.554Z

Reserved: 2026-03-09T15:48:24.092Z

Link: CVE-2026-31459

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-22T14:16:41.417

Modified: 2026-04-23T16:17:41.280

Link: CVE-2026-31459

cve-icon Redhat

Severity :

Publid Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31459 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T19:15:24Z

Weaknesses