CVE-2026-52905 - Vulnerability Details

- mm/damon/core: disallow non-power of two min_region_sz on damon_start()

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/core: disallow non-power of two min_region_sz on damon_start()

Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_region") introduced
a bug that allows unaligned DAMON region address ranges. Commit
c80f46ac228b ("mm/damon/core: disallow non-power of two min_region_sz")
fixed it, but only for damon_commit_ctx() use case. Still, DAMON sysfs
interface can emit non-power of two min_region_sz via damon_start(). Fix
the path by adding the is_power_of_2() check on damon_start().

The issue was discovered by sashiko [1].

Published: 2026-06-09

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel’s DAMON subsystem introduced a bug that allows regions to be created with sizes that are not powers of two—the damon_start interface does not enforce power‑of‑two alignment. This omission permits the allocation of misaligned memory ranges, which can corrupt kernel memory during region Initialization or trigger a system crash. The description does not specify an exact outcome, but such misalignment is sufficient to compromise kernel data integrity.

Affected Systems

The flaw resides in the Linux kernel; it is present in kernel releases that include commit d8f867fa but lack the subsequent patch c80f46ac that adds a power‑of‑two check to damon_start. Affected kernels are therefore those that have not yet integrated the fix, and the vulnerability applies to any system running such a kernel regardless of distribution.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. No CVSS score is provided, so the exact severity cannot be quantified. Because the vulnerability involves writing to the DAMON sysfs interface, it requires local system access with the privileges needed to write to sysfs; remote exploitation is unlikely without prior escalation. The lack of reported public exploit activity suggests a moderate risk, but the potential for kernel memory corruption means denial‑of‑service and possibly escalation remain realistic concerns for locally‑reachable systems.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`d8f867fa0825fb3e358457566d7326d8aab2406a`	affected	< 1de2db19a6028abe7d905875922faef5b873de67
`d8f867fa0825fb3e358457566d7326d8aab2406a`	affected	< 89b6226b6c2a4add3939f361653a47c212d6ab75
`d8f867fa0825fb3e358457566d7326d8aab2406a`	affected	< 95093e5cb4c5b50a5b1a4b79f2942b62744bd66a

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.18.30`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[d8f867fa0825fb3e358457566d7326d8aab2406a,1de2db19a6028abe7d905875922faef5b873de67)`	affected	code_commit	—
`[d8f867fa0825fb3e358457566d7326d8aab2406a,89b6226b6c2a4add3939f361653a47c212d6ab75)`	affected	code_commit	—
`[d8f867fa0825fb3e358457566d7326d8aab2406a,95093e5cb4c5b50a5b1a4b79f2942b62744bd66a)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.18`	affected	generic	—
`[0,6.18)`	unaffected	semver	—
`[6.18.30,6.19.0)`	unaffected	semver	—
`[7.0.4,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that contains commit c80f46ac, which adds an alignment check to damon_start
If a kernel upgrade cannot be performed immediately, disable the DAMON sysfs interface (e.g., by unexporting or removing the relevant sysfs entries) so that damon_start cannot be invoked
Reduce write permissions to the DAMON sysfs entries so that only privileged users can modify them
Monitor sysfs activity for attempts to use non‑aligned min_region_sz values and investigate any suspicious events

Generated by OpenCVE AI on June 10, 2026 at 01:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1de2db19a6028abe7d905875922faef5b873de67
https://git.kernel.org/stable/c/89b6226b6c2a4add3939f361653a47c212d6ab75
https://git.kernel.org/stable/c/95093e5cb4c5b50a5b1a4b79f2942b62744bd66a
https://lore.kernel.org/linux-cve-announce/2026060913-CVE-2026-52905-6528@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-52905
https://www.cve.org/CVERecord?id=CVE-2026-52905

History

Wed, 10 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1284
References		https://lore.kernel.org/linux-cve-announce/2026060913-CVE-2026-52905-6528@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-52905 https://www.cve.org/CVERecord?id=CVE-2026-52905

Tue, 09 Jun 2026 15:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-122 CWE-125

Tue, 09 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_region") introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b ("mm/damon/core: disallow non-power of two min_region_sz") fixed it, but only for damon_commit_ctx() use case. Still, DAMON sysfs interface can emit non-power of two min_region_sz via damon_start(). Fix the path by adding the is_power_of_2() check on damon_start(). The issue was discovered by sashiko [1].
Title		mm/damon/core: disallow non-power of two min_region_sz on damon_start()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1de2db19a6028abe7d905875922faef5b873de67 https://git.kernel.org/stable/c/89b6226b6c2a4add3939f361653a47c212d6ab75 https://git.kernel.org/stable/c/95093e5cb4c5b50a5b1a4b79f2942b62744bd66a

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-09T12:36:02.516Z

Updated: 2026-06-09T12:36:02.516Z

Reserved: 2026-06-09T07:44:35.366Z

Link: CVE-2026-52905

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-09T14:16:44.950

Modified: 2026-06-09T14:16:44.950

Link: CVE-2026-52905

Redhat

Severity :

Publid Date: 2026-06-09T00:00:00Z

Links: CVE-2026-52905 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T01:45:18Z

Weaknesses

CWE-122
Heap-based Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-1284
Improper Validation of Specified Quantity in Input

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object