Impact
A race condition between the DAMON background thread and the request-registration function can cause the caller to wait indefinitely for a request that is never processed. This results in a deadlock that effectively stalls the kernel thread, leading to a denial of service. The flaw is a classic synchronization issue where two fields are protected by different mutexes, allowing a window where a request is registered while the background worker has already begun termination.
Affected Systems
The issue affects all Linux kernel builds that include the DAMON subsystem, regardless of distribution. No specific version range is listed in the advisory, so any kernel that implements the referenced logic without the commit is vulnerable.
Risk and Exploitability
The exploitability is limited to code that runs with kernel privileges, such as root users or compromised kernel modules. While the kernel patch introduces a deadlock rather than arbitrary code execution, the impact of a stuck kernel thread can be significant. The EPSS score is less than 1% and the vulnerability is not listed in CISA KEV, indicating no publicly known widespread exploitation. The CVSS score of 4.7 indicates a moderate severity within affected environments.
OpenCVE Enrichment
Ubuntu USN