CVE-2026-31457
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
22/04/2026
Last modified:
05/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
mm/damon/sysfs: check contexts->nr in repeat_call_fn<br />
<br />
damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(),<br />
damon_sysfs_upd_schemes_stats(), and<br />
damon_sysfs_upd_schemes_effective_quotas() without checking contexts->nr. <br />
If nr_contexts is set to 0 via sysfs while DAMON is running, these<br />
functions dereference contexts_arr[0] and cause a NULL pointer<br />
dereference. Add the missing check.<br />
<br />
For example, the issue can be reproduced using DAMON sysfs interface and<br />
DAMON user-space tool (damo) [1] like below.<br />
<br />
$ sudo damo start --refresh_interval 1s<br />
$ echo 0 | sudo tee \<br />
/sys/kernel/mm/damon/admin/kdamonds/0/contexts/nr_contexts
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.17 (including) | 6.18.21 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page