Skip to main content

Linux Kernel EUVDEUVD-2026-32470

| CVE-2026-46087 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-6f33-3frm-64p4
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only vector confirmed by kernel memory path; PR:L as unprivileged user can invoke DAMON interface; A:H for kernel heap exhaustion; no C or I impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:34 vuln.today
CVSS changed
Jun 25, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/stat: fix memory leak on damon_start() failure in damon_stat_start()

Destroy the DAMON context and reset the global pointer when damon_start() fails. Otherwise, the context allocated by damon_stat_build_ctx() is leaked, and the stale damon_stat_context pointer will be overwritten on the next enable attempt, making the old allocation permanently unreachable.

AnalysisAI

Memory leak in the Linux kernel's DAMON statistics subsystem (mm/damon/stat) causes kernel memory exhaustion when damon_start() fails during damon_stat_start(). The allocated DAMON context is never freed on the failure path, and the stale global pointer is overwritten on each subsequent enable attempt, making prior allocations permanently unreachable. Exploitation requires local access with low privileges, yields high availability impact (A:H) via progressive kernel memory exhaustion, and no public exploit or active exploitation has been identified at time of analysis.

Technical ContextAI

DAMON (Data Access Monitoring) is a Linux kernel subsystem introduced to profile memory access patterns and support memory management decisions. The affected module, mm/damon/stat, provides statistical interfaces over DAMON. The root cause is CWE-401 (Missing Release of Memory after Effective Lifetime): in damon_stat_start(), the function damon_stat_build_ctx() allocates a DAMON context that is stored in the global pointer damon_stat_context; if the subsequent damon_start() call fails, the error path neither destroys the allocated context nor resets the global pointer. On the next enable attempt, the pointer is simply overwritten, orphaning the prior allocation in kernel heap memory. CPE data confirms the affected product as cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* spanning all kernel builds from the introducing commit (369c415e60732b7c8ed33368891581246f580d7a) up to the fix commits across the 6.x and 7.x stable trees.

RemediationAI

The primary fix is to upgrade the Linux kernel to version 6.18.27 or 7.0.4, both of which include the corrected damon_stat_start() error path. For kernels running 7.1-rc1 or later, the fix is also incorporated. The three upstream fix commits (50bc1d7e, 8a62c584, e04ed278) are available on kernel.org stable trees and should be applied by distribution vendors in their next stable update cycles. As a compensating control on systems where an immediate upgrade is not feasible, restricting access to the DAMON sysfs or debugfs interfaces (e.g., via Linux Security Module policy, file permission hardening on /sys/kernel/mm/damon/, or disabling CONFIG_DAMON_STAT at build time) will prevent unprivileged local users from triggering the vulnerable code path; however, this does not eliminate the flaw. Distributions using CONFIG_DAMON_STAT=m can unload the module as a temporary measure with the trade-off of losing DAMON statistics functionality.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

EUVD-2026-32470 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy