Memory Leak Vulnerability in Linux Kernel Affecting DAMON's Context Object
CVE-2026-31652
What is CVE-2026-31652?
A memory leak vulnerability has been identified in the Linux kernel, affecting the damon_ctx object allocated by damon_stat_start(). If damon_call() fails, the damon_ctx object is not deallocated, leading to a potential memory leak. The issue is compounded by the fact that the kdamond main function may be accessing the damon_ctx at the same time, which can lead to use-after-free if not handled correctly. With the fix, damon_stat_start() returns without deallocating the damon_ctx after a damon_call() failure, and the object is deallocated only after the kdamond has fully terminated.
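The lifetime rule described above, shown as a userspace model added here for illustration; it is not kernel code and not the actual patch. `struct ctx`, `worker_fn`, `reap_ctx`, `model_start` and the choice to reclaim the old context at the next start are assumptions of this example; the worker thread stands in for the kdamond.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>
/* Constructed userspace model, hypothetical names: ctx ~ damon_ctx, thread ~ kdamond. */
struct ctx { pthread_t worker; atomic_int stop; long ticks; };
static struct ctx *stat_ctx; /* module-wide context pointer */
static int live_ctx;         /* contexts allocated and not yet freed */

static void *worker_fn(void *arg) {
    struct ctx *c = arg;
    while (!atomic_load(&c->stop))
        c->ticks++;
    c->ticks++;              /* still touches ctx after being told to stop */
    return NULL;
}

/* Free the context only after its worker has fully terminated. */
static void reap_ctx(void) {
    if (!stat_ctx)
        return;
    atomic_store(&stat_ctx->stop, 1);
    pthread_join(stat_ctx->worker, NULL);
    free(stat_ctx);
    stat_ctx = NULL;
    live_ctx--;
}

/* call_fails simulates the failing call; deferred_free selects the fixed rule. */
static int model_start(int call_fails, int deferred_free) {
    if (deferred_free)
        reap_ctx();          /* reclaim what an earlier failed start left */
    struct ctx *c = calloc(1, sizeof(*c));
    if (!c || pthread_create(&c->worker, NULL, worker_fn, c)) {
        free(c);
        return -1;
    }
    stat_ctx = c;            /* without reap_ctx() the old pointer is lost */
    live_ctx++;
    if (call_fails)
        atomic_store(&c->stop, 1); /* stop requested; no free() here, worker may run */
    return call_fails ? -1 : 0;
}

int main(void) {
    model_start(1, 1);
    model_start(1, 1);       /* second failed start reclaims the first context */
    printf("live contexts: %d\n", live_ctx);
    reap_ctx();
}
```

With `deferred_free` set to 0 the model reproduces the leak: each failed start overwrites `stat_ctx` and `live_ctx` keeps growing.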
Affected Version(s)
Linux 405f61996d9d2e9d497cd9f6b66f41dc28d3d1d8 < 447f8870b484f6596d7a7130e72bd0a3f1e037bb
Linux 405f61996d9d2e9d497cd9f6b66f41dc28d3d1d8 < 16c92e9bf55fa049ddb5e894dc0623dacd46a620
Linux 405f61996d9d2e9d497cd9f6b66f41dc28d3d1d8 < 4c04c6b47c361612b1d70cec8f7a60b1482d1400