Impact
The vulnerability arises when the DAMON subsystem accepts an unchecked node identifier from the damos_quota_goal structure used by node_mem_{used,free}_bp quota goals. That identifier is then passed directly to si_meminfo_node() and NODE_DATA() without validation, triggering an out-of-bounds memory access that can culminate in a kernel crash or a NULL-pointer dereference. The flaw is a CWE-125 out-of-bounds read and a CWE-1285 null-pointer dereference issue.
Affected Systems
All Linux kernel releases containing the DAMON memory‑control subsystem and exposing node_mem_{used,free}_bp quota goals to privileged users are vulnerable. Distributions running a kernel version that has not incorporated the "mm/damon/core: validate damos_quota_goal->nid" patch remain exposed regardless of distribution release.
Risk and Exploitability
The flaw requires local privilege; an attacker must already have root or a trusted process to invoke DAMON tools or the sysfs interface. The CVSS score is 7.1, which indicates a moderate severity. The EPSS score is less than 1 %, indicating very low exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Nonetheless, its out‑of‑bounds nature gives it a high impact potential for privilege escalation if the attacker can supply a malicious node id.
OpenCVE Enrichment
Ubuntu USN