CVE-2026-46121
Analyzed Analyzed - Analysis Complete

Use-After-Free in Linux Kernel DAMON Sysfs Interface

Vulnerability report for CVE-2026-46121, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-28

Last updated on: 2026-06-24

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock Patch series "mm/damon/sysfs-schemes: fix use-after-free for [memcg_]path". Reads of 'memcg_path' and 'path' files in DAMON sysfs interface could race with their writes, results in use-after-free. Fix those. This patch (of 2): damon_sysfs_scheme_filter->mmecg_path can be read and written by users, via DAMON sysfs memcg_path file. It can also be indirectly read, for the parameters {on,off}line committing to DAMON. The reads for parameters committing are protected by damon_sysfs_lock to avoid the sysfs files being destroyed while any of the parameters are being read. But the user-driven direct reads and writes are not protected by any lock, while the write is deallocating the memcg_path-pointing buffer. As a result, the readers could read the already freed buffer (user-after-free). Note that the user-reads don't race when the same open file is used by the writer, due to kernfs's open file locking. Nonetheless, doing the reads and writes with separate open files would be common. Fix it by protecting both the user-direct reads and writes with damon_sysfs_lock.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-28
Last Modified
2026-06-24
Generated
2026-07-08
AI Q&A
2026-05-28
EPSS Evaluated
2026-07-06
NVD
EUVD

Affected Vendors & Products

Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 7.1
linux linux_kernel From 6.15.5 (inc) to 6.16 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.7 (exc)
linux linux_kernel From 6.12.36 (inc) to 6.12.88 (exc)
linux linux_kernel From 6.16.1 (inc) to 6.18.30 (exc)
linux linux_kernel From 6.6.96 (inc) to 6.6.140 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's DAMON sysfs interface, specifically related to the handling of 'memcg_path' and 'path' files.

The issue arises because reads and writes to these files can happen concurrently without proper locking, leading to a use-after-free condition. This means that a read operation might access memory that has already been freed by a write operation, causing potential instability or unexpected behavior.

The vulnerability was fixed by adding a lock (damon_sysfs_lock) to protect both reads and writes, ensuring that the memory is not freed while being read.

Impact Analysis

This vulnerability can lead to use-after-free conditions in the Linux kernel, which may cause system instability, crashes, or unpredictable behavior.

If exploited, it could potentially be used to cause denial of service or other unintended effects by triggering access to freed memory.

Mitigation Strategies

The vulnerability is fixed by applying the patch that protects both user-direct reads and writes of the memcg_path file in the DAMON sysfs interface with damon_sysfs_lock to prevent use-after-free conditions.

Therefore, the immediate mitigation step is to update the Linux kernel to a version that includes this patch.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46121. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart