CVE-2026-31457 PUBLISHED

mm/damon/sysfs: check contexts->nr in repeat_call_fn

Assigner: Linux
Reserved: 09.03.2026 Published: 22.04.2026 Updated: 22.04.2026

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs: check contexts->nr in repeat_call_fn

damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(), damon_sysfs_upd_schemes_stats(), and damon_sysfs_upd_schemes_effective_quotas() without checking contexts->nr. If nr_contexts is set to 0 via sysfs while DAMON is running, these functions dereference contexts_arr[0] and cause a NULL pointer dereference. Add the missing check.

For example, the issue can be reproduced using the DAMON sysfs interface and the DAMON user-space tool (damo) [1] as shown below.

<pre>
$ sudo damo start --refresh_interval 1s
$ echo 0 | sudo tee \
    /sys/kernel/mm/damon/admin/kdamonds/0/contexts/nr_contexts
</pre>

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from d809a7c64ba8229286b333c0cba03b1cdfb50238 to 3527e9fdc38570cea0f6ddb7a2c9303d4044b217 (excl.)
  • affected from d809a7c64ba8229286b333c0cba03b1cdfb50238 to 652cd0641a763dd0e846b0d12814977fadb2b7d8 (excl.)
  • affected from d809a7c64ba8229286b333c0cba03b1cdfb50238 to 6557004a8b59c7701e695f02be03c7e20ed1cc15 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.17 is affected
  • unaffected from 0 to 6.17 (excl.)
  • unaffected from 6.18.21 to 6.18.* (incl.)
  • unaffected from 6.19.11 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)
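
The version ranges above can be turned into a triage check for fleet inventory. The following is an added example, not part of the CVE record or the kernel project: the function name `damon_cve_status` is hypothetical, and it assumes upstream version numbering, so a distribution kernel that backports the fix under an older version string still needs its vendor advisory checked.

```shell
#!/bin/sh
# Added example: classify an upstream kernel release string against the
# version ranges listed in this record.
# Prints one of: affected | unaffected | unknown
damon_cve_status() {
    rel=$1
    # Release candidates are not covered by the listed ranges.
    case $rel in *-rc*) echo unknown; return 0 ;; esac
    # Keep the leading "major.minor[.patch]", dropping suffixes like "-generic".
    ver=${rel%%[!0-9.]*}
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1 minor=$2 patch=${3:-0}
    # Reject anything that did not parse into plain decimal fields.
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -ge 7 ]; then
        echo unaffected                      # 7.0 and later
    elif [ "$major" -lt 6 ] || [ "$minor" -lt 17 ]; then
        echo unaffected                      # everything before 6.17
    elif [ "$minor" -eq 18 ] && [ "$patch" -ge 21 ]; then
        echo unaffected                      # 6.18.21 and later 6.18.y
    elif [ "$minor" -eq 19 ] && [ "$patch" -ge 11 ]; then
        echo unaffected                      # 6.19.11 and later 6.19.y
    else
        echo affected                        # 6.17.y, 6.18.0-20, 6.19.0-10
    fi
}

# Usage: pass a release string, e.g. the output of `uname -r`.
if [ "$#" -gt 0 ]; then
    damon_cve_status "$1"
fi
```

A result of `affected` only matters on hosts where DAMON's sysfs interface is built in and in use; the presence of `/sys/kernel/mm/damon/admin` is the path the reproducer above relies on.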

References