Impact
The Linux kernel DAMON sysfs subsystem contains a flaw that causes a memory leak when the helper function fails to allocate a context during sysfs operations. If a privileged user triggers this failure path, the allocated param_ctx is not freed, leading to gradual memory exhaustion. The same code path can also dereference a null pointer, causing an immediate kernel panic. These behaviors can be leveraged to disrupt service or crash the system, representing a denial-of-service vulnerability for the affected node.
Affected Systems
The issue affects Linux kernel releases that include the DAMON sysfs interface and expose the buggy code path. Specifically, affected kernel versions are 6.17.6, 6.18 and its release candidates rc3 through rc7, and 7.0 release candidates rc1 through rc5. The patch series v4 removes the leak by freeing param_ctx on failure and corrects the null dereference guard.
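A triage check for the version list above, as an added example that is not part of the advisory: it reports a host only when the kernel release string matches a listed version and the DAMON sysfs directory is present. The function names are hypothetical, the directory is assumed to be the upstream location /sys/kernel/mm/damon, and a version-string match is a heuristic because distribution kernels may carry backports.

```shell
#!/bin/sh
# Added triage example, not part of the advisory. The version list is copied
# from the "Affected Systems" text; function names are hypothetical.

# Return 0 if a kernel release string names a version listed as affected.
damon_listed_version() {
    rel=$1
    base=${rel%%-*}          # "6.18.0-rc5-custom" -> "6.18.0"
    rc=
    case $rel in             # pull the rc number out, if there is one
        *-rc[0-9]*) rc=${rel#*-rc}; rc=${rc%%[!0-9]*} ;;
    esac
    case $base in            # uname reports 6.18 as "6.18.0"
        *.*.0) base=${base%.0} ;;
    esac
    case $base in
        6.17.6) [ -z "$rc" ] ;;
        6.18)   [ -z "$rc" ] || { [ "$rc" -ge 3 ] && [ "$rc" -le 7 ]; } ;;
        7.0)    [ -n "$rc" ] && [ "$rc" -ge 1 ] && [ "$rc" -le 5 ] ;;
        *)      return 1 ;;
    esac
}

# Return 0 only when the version is listed AND the DAMON sysfs directory exists.
# $2 overrides the directory (assumed upstream path: /sys/kernel/mm/damon).
damon_triage() {
    dir=${2:-/sys/kernel/mm/damon}
    if ! damon_listed_version "$1"; then
        echo "$1: not in the advisory's version list"; return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "$1: listed version, but $dir is absent (DAMON sysfs not exposed)"; return 1
    fi
    echo "$1: listed version with DAMON sysfs exposed; apply the fixed kernel"
    return 0
}

damon_triage "$(uname -r)" || :
```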
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity, and the EPSS score is below 1%, implying a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, and no public exploit has been reported. Nonetheless, the flaw can be triggered by a local privileged user via sysfs, so there is a realistic risk of either memory exhaustion or kernel crash if the patch is not applied. Existing mitigations are limited, so patching is recommended.