CVE-2026-31457
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs: check contexts->nr in repeat_call_fn
damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(), damon_sysfs_upd_schemes_stats(), and damon_sysfs_upd_schemes_effective_quotas() without checking contexts->nr. If nr_contexts is set to 0 via sysfs while DAMON is running, these functions dereference contexts_arr[0] and cause a NULL pointer dereference. Add the missing check.
For example, the issue can be reproduced using DAMON sysfs interface and DAMON user-space tool (damo) [1] like below.
$ sudo damo start --refresh_interval 1s
$ echo 0 | sudo tee \
/sys/kernel/mm/damon/admin/kdamonds/0/contexts/nr_contexts
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d809a7c64ba8229286b333c0cba03b1cdfb50238 < 3527e9fdc38570cea0f6ddb7a2c9303d4044b217 | affected |
| Linux | Linux | d809a7c64ba8229286b333c0cba03b1cdfb50238 < 652cd0641a763dd0e846b0d12814977fadb2b7d8 | affected |
| Linux | Linux | d809a7c64ba8229286b333c0cba03b1cdfb50238 < 6557004a8b59c7701e695f02be03c7e20ed1cc15 | affected |
| Linux | Linux | 6.17 | affected |
| Linux | Linux | 0 < 6.17 | unaffected |
| Linux | Linux | 6.18.21 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.11 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/3527e9fdc38570cea0f6ddb7a2c9303d4044b217
- https://git.kernel.org/stable/c/652cd0641a763dd0e846b0d12814977fadb2b7d8
- https://git.kernel.org/stable/c/6557004a8b59c7701e695f02be03c7e20ed1cc15
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.