CVE-2026-31458

Source
https://cve.org/CVERecord?id=CVE-2026-31458
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31458.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31458
Downstream
Published
2026-04-22T13:53:50.883Z
Modified
2026-07-08T08:00:03.609907764Z
Summary
mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]

Multiple sysfs command paths dereference contextsarr[0] without first verifying that kdamond->contexts->nr == 1. A user can set nrcontexts to 0 via sysfs while DAMON is running, causing NULL pointer dereferences.

In more detail, the issue can be triggered by privileged users like below.

First, start DAMON and make contexts directory empty (kdamond->contexts->nr == 0).

# damo start
# cd /sys/kernel/mm/damon/admin/kdamonds/0
# echo 0 > contexts/nr_contexts

Then, each of below commands will cause the NULL pointer dereference.

# echo update_schemes_stats > state
# echo update_schemes_tried_regions > state
# echo update_schemes_tried_bytes > state
# echo update_schemes_effective_quotas > state
# echo update_tuned_intervals > state

Guard all commands (except OFF) at the entry point of damonsysfshandle_cmd().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31458.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0ac32b8affb5a384253dbb8339bd2d0e91add0b7
Fixed
aba546061341b56e9ffb37e1eb661a3628b6ec12
Fixed
1e8da792672481d603fa7cd0d815577220a3ee27
Fixed
708033c231bd782858f4ddbb46ee874a5a5fbdab
Fixed
bbe03ad3fb9e714191757ca7b41582f930be7be2
Fixed
1bfe9fb5ed2667fb075682408b776b5273162615

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31458.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
6.6.131
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.80
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.21
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.11

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31458.json"