CVE-2026-31457

MEDIUM

mm/damon/sysfs: check contexts->nr in repeat_call_fn

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr in repeat_call_fn damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(), damon_sysfs_upd_schemes_stats(), and damon_sysfs_upd_schemes_effective_quotas() without checking contexts->nr. If nr_contexts is set to 0 via sysfs while DAMON is running, these functions dereference contexts_arr[0] and cause a NULL pointer dereference. Add the missing check. For example, the issue can be reproduced using DAMON sysfs interface and DAMON user-space tool (damo) [1] like below. $ sudo damo start --refresh_interval 1s $ echo 0 | sudo tee \ /sys/kernel/mm/damon/admin/kdamonds/0/contexts/nr_contexts

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/3527e9fdc38570cea0f6ddb7a2c9303d4044b217

https://git.kernel.org/stable/c/652cd0641a763dd0e846b0d12814977fadb2b7d8

https://git.kernel.org/stable/c/6557004a8b59c7701e695f02be03c7e20ed1cc15

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 3.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (10)

Linux/Linux < 6.17

Linux/Linux 6.17

Linux/Linux 6.18.21 - 6.18.*

Linux/Linux 6.19.11 - 6.19.*

Linux/Linux 7.0

Linux/Linux d809a7c64ba8229286b333c0cba03b1cdfb50238 - 3527e9fdc38570cea0f6ddb7a2c9303d4044b217

Linux/Linux d809a7c64ba8229286b333c0cba03b1cdfb50238 - 652cd0641a763dd0e846b0d12814977fadb2b7d8

Linux/Linux d809a7c64ba8229286b333c0cba03b1cdfb50238 - 6557004a8b59c7701e695f02be03c7e20ed1cc15

linux/linux_kernel 7.0 rc1 (5 CPE variants)

linux/linux_kernel 6.17 - 6.18.21

Published Apr 22, 2026

Tracked Since Apr 22, 2026