CVE-2026-46183

Source
https://cve.org/CVERecord?id=CVE-2026-46183
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46183.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46183
Downstream
Related
Published
2026-05-28T09:36:36.582Z
Modified
2026-07-08T08:09:41.274470146Z
Summary
mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs-schemes: protect path kfree() with damonsysfslock

damonsysfsquotgoal->path can be read and written by users, via DAMON sysfs 'path' file. It can also be indirectly read, for the parameters {on,off}line committing to DAMON. The reads for parameters committing are protected by damonsysfslock to avoid the sysfs files being destroyed while any of the parameters are being read. But the user-driven direct reads and writes are not protected by any lock, while the write is deallocating the path-pointing buffer. As a result, the readers could read the already freed buffer (user-after-free). Note that the user-reads don't race when the same open file is used by the writer, due to kernfs's open file locking. Nonetheless, doing the reads and writes with separate open files would be common. Fix it by protecting both the user-direct reads and writes with damonsysfs_lock.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46183.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c41e253a411eb73a5ac651c14f40c2ea2f274ebd
Fixed
a34ca3e33da4b924c66bcca3729bf68ec5936910
Fixed
cf3b71421ca00807328c6d9cd242f9de3b77a4bf

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46183.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46183.json"