Skip to main content

Linux Kernel EUVDEUVD-2026-24798

| CVE-2026-31459 MEDIUM
Memory Leak (CWE-401)
2026-04-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-6c8g-q98p-w229
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 06, 2026 - 22:01 vuln.today
CVSS changed
May 06, 2026 - 19:52 NVD
5.5 (MEDIUM)
Patch released
Apr 23, 2026 - 16:17 nvd
Patch available
Patch available
Apr 22, 2026 - 16:33 EUVD
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24798
CVE Published
Apr 22, 2026 - 14:16 nvd
N/A
CVE Published
Apr 22, 2026 - 14:16 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure

Patch series "mm/damon/sysfs: fix memory leak and NULL dereference issues", v4.

DAMON_SYSFS can leak memory under allocation failure, and do NULL pointer dereference when a privileged user make wrong sequences of control. Fix those.

This patch (of 3):

When damon_sysfs_new_test_ctx() fails in damon_sysfs_commit_input(), param_ctx is leaked because the early return skips the cleanup at the out label. Destroy param_ctx before returning.

AnalysisAI

Memory leak in Linux kernel DAMON subsystem allows local authenticated users to exhaust system memory via failed allocation in damon_sysfs_new_test_ctx(), causing denial of service. The vulnerability affects kernel versions 6.17.6 through 7.0-rc1 when DAMON_SYSFS is enabled. A privileged user can trigger the leak by making specific control sequences that cause early function returns, bypassing cleanup code and leaving param_ctx unfreed.

Technical ContextAI

The DAMON (Data Access Monitoring) subsystem in the Linux kernel includes a sysfs interface (DAMON_SYSFS) for userspace interaction. The vulnerable code path involves damon_sysfs_commit_input() calling damon_sysfs_new_test_ctx(), which can fail during memory allocation. The root cause is a CWE-401 (Missing Release of Memory after Effective Lifetime) issue where an early return statement in the error path skips the cleanup label that would normally deallocate param_ctx. This is a classic resource leak vulnerability in kernel memory management where allocation failure handling fails to release previously allocated data structures before returning to the caller.

RemediationAI

Apply stable kernel patch versions 6.18.21, 6.19.11, or 7.0 as appropriate for your kernel series, available from https://git.kernel.org/stable/ via commits 7fe000eb32904758a85e62f6ea9483f89d5dabfc, e9de9f3ce06b133a348006668bc8d25c6e504867, or f76f0a964bc3d7b7e253b43c669c41356bc54e71. The fix adds explicit param_ctx cleanup in the error path of damon_sysfs_commit_input() before the early return statement. For systems unable to immediately upgrade, restrict access to DAMON_SYSFS control interfaces by limiting file permissions on /sys/kernel/debug/damon/ to trusted administrators only, or disable the DAMON_SYSFS subsystem entirely via kernel configuration (CONFIG_DAMON_SYSFS=n) if the feature is not required. Note that disabling DAMON_SYSFS requires kernel recompilation or boot-time reconfiguration.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-24798 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy