Description
In the Linux kernel, the following vulnerability has been resolved:

mm/damon/stat: fix memory leak on damon_start() failure in damon_stat_start()

Destroy the DAMON context and reset the global pointer when damon_start()
fails. Otherwise, the context allocated by damon_stat_build_ctx() is
leaked, and the stale damon_stat_context pointer will be overwritten on
the next enable attempt, making the old allocation permanently
unreachable.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when the DAMON subsystem fails to start; the allocated context is not released and a global pointer remains stale. This results in a memory leak that can accumulate, eventually exhausting system memory and creating a denial of service scenario. The flaw is a classic example of CWE‑401 (Memory Leak).

Affected Systems

All Linux kernel releases that contain the DAMON subsystem before the listed commit amendments are affected. The issue exists in the kernel’s mm/damon/stat module and can impact any system running a version of the Linux kernel that has not yet incorporated the upstream patches. The specific vendor is Linux, and the product is the Linux kernel.

Risk and Exploitability

No CVSS score is provided, and the EPSS score is not available, so the exact severity and likelihood of exploitation have not been quantified. KEV does not list the vulnerability. The leak can be exploited by repeatedly invoking damon_start failures, which may require local kernel access or elevated privileges. While the attack vector is inferred to be local or privileged, the lack of published exploitation evidence suggests a lower but still noteworthy risk, especially in environments that use DAMON and where memory resources are critical.

Generated by OpenCVE AI on May 27, 2026 at 17:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel version that includes the patch commit 50bc1d7e0f3bb6932c8dc5da0907eead0790176b (or later) to eliminate the memory leak.
  • If a kernel update cannot be performed immediately, disable the DAMON feature or module to prevent the vulnerable code path from executing.
  • Continuously monitor system memory usage and kernel logs for abnormal allocation growth or repeated damon_start failures; if such patterns are detected, investigate and apply the patch as soon as possible.

Generated by OpenCVE AI on May 27, 2026 at 17:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: fix memory leak on damon_start() failure in damon_stat_start() Destroy the DAMON context and reset the global pointer when damon_start() fails. Otherwise, the context allocated by damon_stat_build_ctx() is leaked, and the stale damon_stat_context pointer will be overwritten on the next enable attempt, making the old allocation permanently unreachable.
Title mm/damon/stat: fix memory leak on damon_start() failure in damon_stat_start()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:58:30.611Z

Reserved: 2026-05-13T15:03:33.096Z

Link: CVE-2026-46087

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:30.203

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46087

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T18:00:15Z

Weaknesses