CVE-2026-52905

MEDIUM

mm/damon/core: disallow non-power of two min_region_sz on damon_start()

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_region") introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b ("mm/damon/core: disallow non-power of two min_region_sz") fixed it, but only for damon_commit_ctx() use case. Still, DAMON sysfs interface can emit non-power of two min_region_sz via damon_start(). Fix the path by adding the is_power_of_2() check on damon_start(). The issue was discovered by sashiko [1].

Scores

CVSS v3 5.5
EPSS 0.0011
EPSS Percentile 1.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-1284
Status published
Products (12)
linux/Kernel 6.18.0 - 6.18.30linux
linux/Kernel 6.19.0 - 7.0.4linux
Linux/Linux < 6.18
Linux/Linux 6.18
Linux/Linux 6.18.30 - 6.18.*
Linux/Linux 7.0.4 - 7.0.*
Linux/Linux 7.1
Linux/Linux 7.1-rc1
Linux/Linux d8f867fa0825fb3e358457566d7326d8aab2406a - 1de2db19a6028abe7d905875922faef5b873de67
Linux/Linux d8f867fa0825fb3e358457566d7326d8aab2406a - 89b6226b6c2a4add3939f361653a47c212d6ab75
... and 2 more
Published Jun 09, 2026
Tracked Since Jun 09, 2026