{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31459", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.092Z", "datePublished": "2026-04-22T13:53:51.554Z", "dateUpdated": "2026-04-22T13:53:51.554Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-22T13:53:51.554Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure\n\nPatch series \"mm/damon/sysfs: fix memory leak and NULL dereference\nissues\", v4.\n\nDAMON_SYSFS can leak memory under allocation failure, and do NULL pointer\ndereference when a privileged user make wrong sequences of control. Fix\nthose.\n\n\nThis patch (of 3):\n\nWhen damon_sysfs_new_test_ctx() fails in damon_sysfs_commit_input(),\nparam_ctx is leaked because the early return skips the cleanup at the out\nlabel. Destroy param_ctx before returning."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/damon/sysfs.c"], "versions": [{"version": "f0c5118ebb0eb7e4fd6f0d2ace3315ca141b317f", "lessThan": "e9de9f3ce06b133a348006668bc8d25c6e504867", "status": "affected", "versionType": "git"}, {"version": "f0c5118ebb0eb7e4fd6f0d2ace3315ca141b317f", "lessThan": "f76f0a964bc3d7b7e253b43c669c41356bc54e71", "status": "affected", "versionType": "git"}, {"version": "f0c5118ebb0eb7e4fd6f0d2ace3315ca141b317f", "lessThan": "7fe000eb32904758a85e62f6ea9483f89d5dabfc", "status": "affected", "versionType": "git"}, {"version": "5b3609d9b9650bdea0bfdf643e0ce57e1aed67fc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/damon/sysfs.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17.6"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e9de9f3ce06b133a348006668bc8d25c6e504867"}, {"url": "https://git.kernel.org/stable/c/f76f0a964bc3d7b7e253b43c669c41356bc54e71"}, {"url": "https://git.kernel.org/stable/c/7fe000eb32904758a85e62f6ea9483f89d5dabfc"}], "title": "mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure\n\nPatch series \"mm/damon/sysfs: fix memory leak and NULL dereference\nissues\", v4.\n\nDAMON_SYSFS can leak memory under allocation failure, and do NULL pointer\ndereference when a privileged user make wrong sequences of control. Fix\nthose.\n\n\nThis patch (of 3):\n\nWhen damon_sysfs_new_test_ctx() fails in damon_sysfs_commit_input(),\nparam_ctx is leaked because the early return skips the cleanup at the out\nlabel. Destroy param_ctx before returning."}], "id": "CVE-2026-31459", "lastModified": "2026-04-22T14:16:41.417", "metrics": {}, "published": "2026-04-22T14:16:41.417", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7fe000eb32904758a85e62f6ea9483f89d5dabfc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e9de9f3ce06b133a348006668bc8d25c6e504867"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f76f0a964bc3d7b7e253b43c669c41356bc54e71"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure", "id": "2460637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460637"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-31459", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31459\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31459\nhttps://lore.kernel.org/linux-cve-announce/2026042250-CVE-2026-31459-0600@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f0c5118ebb0eb7e4fd6f0d2ace3315ca141b317f,e9de9f3ce06b133a348006668bc8d25c6e504867)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f0c5118ebb0eb7e4fd6f0d2ace3315ca141b317f,f76f0a964bc3d7b7e253b43c669c41356bc54e71)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f0c5118ebb0eb7e4fd6f0d2ace3315ca141b317f,7fe000eb32904758a85e62f6ea9483f89d5dabfc)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "5b3609d9b9650bdea0bfdf643e0ce57e1aed67fc"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-22T19:06:14.990214+00:00", "value": {"mitigation_remediation": ["Apply the kernel patch v4 that cleans up param_ctx and fixes the NULL dereference.", "Reboot or reload the kernel to ensure the updated code is active.", "If patching cannot be performed immediately, restrict or disable the DAMON sysfs interface on systems where it is not required, or limit its access to non\u2011privileged users."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all Linux kernel configurations that expose the DAMON sysfs interface. No specific kernel version range is listed, but the patch is part of the v4 series and applies to any release containing the offending code before the fix.", "description_and_impact": "The flaw in the Linux kernel\u2019s DAMON subsystem causes a param_ctx allocation to leak when damon_sysfs_new_test_ctx() fails and can trigger a NULL pointer dereference if a privileged user performs an incorrect sequence of sysfs operations. This results in memory exhaustion or a kernel crash, potentially leading to denial of service.", "risk_and_exploitability": "The EPSS score is unavailable and the issue is not listed in the CISA KEV catalog, indicating no known public exploits. Nonetheless, the defect can be abused by a local privileged user to trigger memory exhaustion or a crash. The lack of publicly available exploit code lowers the immediate risk, but the potential for system downtime warrants prompt remediation. The likely attack vector is a privileged local user manipulating the DAMON sysfs interface."}}}}, "created": "2026-04-22T18:15:15.252614+00:00", "title": "Linux Kernel DAMON Sysfs Memory Leak and NULL Dereference Vulnerability", "updated": "2026-04-22T19:15:24.477709+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-401", "CWE-476"]}