CVE-2026-53334 (GCVE-0-2026-53334)

Vulnerability from cvelistv5 – Published: 2026-07-01 13:32 – Updated: 2026-07-01 13:32
VLAI
Title
mm/damon/reclaim: handle ctx allocation failure
Summary
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: handle ctx allocation failure Patch series "mm/damon/{reclaim,lru_sort}: handle ctx allocation failures". DAMON_RECLAIM and DAMON_LRU_SORT could dereference NULL pointers if their damon_ctx object allocations fail. The bugs are expected to happen infrequently because the allocations are arguably too small to fail on common setups. But theoretically they are possible and the consequences are bad. Fix those. The issues were discovered [1] by Sashiko. This patch (of 2): DAMON_RECLAIM allocates the damon_ctx object for its kdamond in its init function. damon_reclaim_enabled_store() wrongly assumes the allocation will always succeed once tried. If the damon_ctx allocation was failed, therefore, code execution reaches to damon_commit_ctx() while 'ctx' is NULL. As a result, it dereferences the NULL 'ctx' pointer. Avoid the NULL dereference by returning -ENOMEM if 'ctx' is NULL.
Severity
No CVSS data available.
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: 3f7a914ab9a5e46cf8aac7de270f02aa3f63de04 , < 66bc00ea37fa8ec14be5a3909d067a5967ef234b (git)
Affected: 3f7a914ab9a5e46cf8aac7de270f02aa3f63de04 , < 635b45ce61de53a9357e28ac97461428cdb650f0 (git)
Affected: 3f7a914ab9a5e46cf8aac7de270f02aa3f63de04 , < 7e2ed8a29427af534bf2cb9b8bc51762b8b6e654 (git)
Create a notification for this product.
Linux Linux Affected: 6.18
Unaffected: 0 , < 6.18 (semver)
Unaffected: 6.18.36 , ≤ 6.18.* (semver)
Unaffected: 7.0.13 , ≤ 7.0.* (semver)
Unaffected: 7.1 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/damon/reclaim.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "66bc00ea37fa8ec14be5a3909d067a5967ef234b",
              "status": "affected",
              "version": "3f7a914ab9a5e46cf8aac7de270f02aa3f63de04",
              "versionType": "git"
            },
            {
              "lessThan": "635b45ce61de53a9357e28ac97461428cdb650f0",
              "status": "affected",
              "version": "3f7a914ab9a5e46cf8aac7de270f02aa3f63de04",
              "versionType": "git"
            },
            {
              "lessThan": "7e2ed8a29427af534bf2cb9b8bc51762b8b6e654",
              "status": "affected",
              "version": "3f7a914ab9a5e46cf8aac7de270f02aa3f63de04",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/damon/reclaim.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.18"
            },
            {
              "lessThan": "6.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.36",
                  "versionStartIncluding": "6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.13",
                  "versionStartIncluding": "6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1",
                  "versionStartIncluding": "6.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/reclaim: handle ctx allocation failure\n\nPatch series \"mm/damon/{reclaim,lru_sort}: handle ctx allocation failures\".\n\nDAMON_RECLAIM and DAMON_LRU_SORT could dereference NULL pointers if their\ndamon_ctx object allocations fail.  The bugs are expected to happen\ninfrequently because the allocations are arguably too small to fail on\ncommon setups.  But theoretically they are possible and the consequences\nare bad.  Fix those.\n\nThe issues were discovered [1] by Sashiko.\n\n\nThis patch (of 2):\n\nDAMON_RECLAIM allocates the damon_ctx object for its kdamond in its init\nfunction.  damon_reclaim_enabled_store() wrongly assumes the allocation\nwill always succeed once tried.  If the damon_ctx allocation was failed,\ntherefore, code execution reaches to damon_commit_ctx() while \u0027ctx\u0027 is\nNULL.  As a result, it dereferences the NULL \u0027ctx\u0027 pointer.  Avoid the\nNULL dereference by returning -ENOMEM if \u0027ctx\u0027 is NULL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T13:32:17.419Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/66bc00ea37fa8ec14be5a3909d067a5967ef234b"
        },
        {
          "url": "https://git.kernel.org/stable/c/635b45ce61de53a9357e28ac97461428cdb650f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e2ed8a29427af534bf2cb9b8bc51762b8b6e654"
        }
      ],
      "title": "mm/damon/reclaim: handle ctx allocation failure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-53334",
    "datePublished": "2026-07-01T13:32:17.419Z",
    "dateReserved": "2026-06-09T07:44:35.398Z",
    "dateUpdated": "2026-07-01T13:32:17.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-53334",
      "date": "2026-07-02",
      "epss": "0.00166",
      "percentile": "0.06217"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-53334\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-07-01T14:16:41.350\",\"lastModified\":\"2026-07-01T14:16:41.350\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmm/damon/reclaim: handle ctx allocation failure\\n\\nPatch series \\\"mm/damon/{reclaim,lru_sort}: handle ctx allocation failures\\\".\\n\\nDAMON_RECLAIM and DAMON_LRU_SORT could dereference NULL pointers if their\\ndamon_ctx object allocations fail.  The bugs are expected to happen\\ninfrequently because the allocations are arguably too small to fail on\\ncommon setups.  But theoretically they are possible and the consequences\\nare bad.  Fix those.\\n\\nThe issues were discovered [1] by Sashiko.\\n\\n\\nThis patch (of 2):\\n\\nDAMON_RECLAIM allocates the damon_ctx object for its kdamond in its init\\nfunction.  damon_reclaim_enabled_store() wrongly assumes the allocation\\nwill always succeed once tried.  If the damon_ctx allocation was failed,\\ntherefore, code execution reaches to damon_commit_ctx() while \u0027ctx\u0027 is\\nNULL.  As a result, it dereferences the NULL \u0027ctx\u0027 pointer.  Avoid the\\nNULL dereference by returning -ENOMEM if \u0027ctx\u0027 is NULL.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"mm/damon/reclaim.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"3f7a914ab9a5e46cf8aac7de270f02aa3f63de04\",\"lessThan\":\"66bc00ea37fa8ec14be5a3909d067a5967ef234b\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"3f7a914ab9a5e46cf8aac7de270f02aa3f63de04\",\"lessThan\":\"635b45ce61de53a9357e28ac97461428cdb650f0\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"3f7a914ab9a5e46cf8aac7de270f02aa3f63de04\",\"lessThan\":\"7e2ed8a29427af534bf2cb9b8bc51762b8b6e654\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"mm/damon/reclaim.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"6.18\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"6.18\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.18.36\",\"lessThanOrEqual\":\"6.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.0.13\",\"lessThanOrEqual\":\"7.0.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.1\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/635b45ce61de53a9357e28ac97461428cdb650f0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/66bc00ea37fa8ec14be5a3909d067a5967ef234b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7e2ed8a29427af534bf2cb9b8bc51762b8b6e654\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…