CVE-2026-46121
Awaiting Analysis - Queue
Use-After-Free in Linux Kernel DAMON Sysfs Interface

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock

Patch series "mm/damon/sysfs-schemes: fix use-after-free for [memcg_]path".

Reads of 'memcg_path' and 'path' files in DAMON sysfs interface could race with their writes, resulting in use-after-free. Fix those.

This patch (of 2):

damon_sysfs_scheme_filter->memcg_path can be read and written by users, via DAMON sysfs memcg_path file. It can also be indirectly read, for the parameters {on,off}line committing to DAMON. The reads for parameters committing are protected by damon_sysfs_lock to avoid the sysfs files being destroyed while any of the parameters are being read. But the user-driven direct reads and writes are not protected by any lock, while the write is deallocating the memcg_path-pointing buffer. As a result, the readers could read the already freed buffer (use-after-free). Note that the user-reads don't race when the same open file is used by the writer, due to kernfs's open file locking. Nonetheless, doing the reads and writes with separate open files would be common.

Fix it by protecting both the user-direct reads and writes with damon_sysfs_lock.

Meta Information
Published: 2026-05-28
Last Modified: 2026-05-28
Generated: 2026-05-28
AI Q&A: 2026-05-28
EPSS Evaluated: N/A

Affected Vendors & Products
Vendor: linux_kernel, Product: linux_kernel, Version / Range: *
Vendor: linux, Product: linux_kernel, Version / Range: *

CWE ID: CWE-UNKNOWN

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's DAMON sysfs interface, specifically related to the handling of 'memcg_path' and 'path' files.

The issue arises because reads and writes to these files can happen concurrently without proper locking, leading to a use-after-free condition. This means that a read operation might access memory that has already been freed by a write operation, causing potential instability or unexpected behavior.

The vulnerability was fixed by adding a lock (damon_sysfs_lock) to protect both reads and writes, ensuring that the memory is not freed while being read.
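
The locking pattern described above, modelled in user space with pthreads as an added example (this is not the kernel patch or code from this page). `sysfs_lock`, `model_store`, `model_show` and `run_stress` are hypothetical names, and the sample paths are constructed.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model, not kernel code. Hypothetical stand-ins for damon_sysfs_lock and memcg_path. */
static pthread_mutex_t sysfs_lock = PTHREAD_MUTEX_INITIALIZER;
static char *memcg_path;

/* Write handler: replace the buffer and free the old one while holding the lock. */
int model_store(const char *val) {
    char *fresh = malloc(strlen(val) + 1);
    if (!fresh) return -1;
    strcpy(fresh, val);
    pthread_mutex_lock(&sysfs_lock);
    free(memcg_path); /* without the lock, a concurrent reader could still be using this */
    memcg_path = fresh;
    pthread_mutex_unlock(&sysfs_lock);
    return 0;
}

/* Read handler: format the path under the same lock, so it cannot be freed mid-read. */
int model_show(char *out, size_t len) {
    pthread_mutex_lock(&sysfs_lock);
    int n = snprintf(out, len, "%s\n", memcg_path ? memcg_path : "");
    pthread_mutex_unlock(&sysfs_lock);
    return n;
}

/* Writer thread: keeps replacing the path, as a second open file would. */
static void *writer(void *arg) {
    for (long i = 0; i < (long)arg; i++)
        model_store(i % 2 ? "/cg/a" : "/cg/bb"); /* constructed sample paths */
    return NULL;
}

/* Run the writer against a reader loop; return how many reads were not a whole valid path. */
int run_stress(long iters) {
    pthread_t w;
    char buf[64];
    int bad = 0;
    model_store("/cg/a");
    if (pthread_create(&w, NULL, writer, (void *)iters)) return -1;
    for (long i = 0; i < iters; i++) {
        model_show(buf, sizeof(buf));
        bad += strcmp(buf, "/cg/a\n") != 0 && strcmp(buf, "/cg/bb\n") != 0;
    }
    pthread_join(w, NULL);
    return bad;
}
```

Building the model with a thread or address sanitizer and then removing the lock calls from either handler makes the unsynchronized free visible in the sanitizer report.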


How can this vulnerability impact me?

This vulnerability can lead to use-after-free conditions in the Linux kernel, which may cause system instability, crashes, or unpredictable behavior.

If exploited, it could potentially be used to cause denial of service or other unintended effects by triggering access to freed memory.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by applying the patch that protects both user-direct reads and writes of the memcg_path file in the DAMON sysfs interface with damon_sysfs_lock to prevent use-after-free conditions.

Therefore, the immediate mitigation step is to update the Linux kernel to a version that includes this patch.

