CVE-2023-53555

MEDIUM

Linux Kernel < 6.4.11 - Use of Uninitialized Resource in DAMON Filter List

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: initialize damo_filter->list from damos_new_filter() damos_new_filter() is not initializing the list field of newly allocated filter object. However, DAMON sysfs interface and DAMON_RECLAIM are not initializing it after calling damos_new_filter(). As a result, accessing uninitialized memory is possible. Actually, adding multiple DAMOS filters via DAMON sysfs interface caused NULL pointer dereferencing. Initialize the field just after the allocation from damos_new_filter().

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/da7beebb49c643cd03c54447ed66595936a7a1ce

Patch

https://git.kernel.org/stable/c/5f1fc67f2cb8d3035d3acd273b48b97835af8afd

Scores

CVSS v3 5.5

EPSS 0.0012

EPSS Percentile 1.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-908

Status published

Products (8)

Linux/Linux < 6.3

Linux/Linux 6.3

Linux/Linux 6.4.11 - 6.4.*

Linux/Linux 6.5

Linux/Linux 98def236f63c66629fb6b2d4b69cecffc5b46539 - 5f1fc67f2cb8d3035d3acd273b48b97835af8afd

Linux/Linux 98def236f63c66629fb6b2d4b69cecffc5b46539 - da7beebb49c643cd03c54447ed66595936a7a1ce

linux/linux_kernel 6.5 rc1 (5 CPE variants)

linux/linux_kernel 6.3 - 6.4.11

Published Oct 04, 2025

Tracked Since Feb 18, 2026