Linux Kernel DAMON Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's DAMON (Data Access Monitoring) subsystem, specifically within the sysfs interface. The issue arises from two bugs in the functions 'damon_commit_targets()' and 'damon_commit_schemes()', which are called by 'damon_commit_ctx()'. These bugs can lead to the leakage of memory objects and the ignoring of some user inputs. The vulnerability affects only users of the DAMON sysfs interface, while other DAMON core API user modules, such as DAMON_RECLAIM and DAMON_LRU_SORT', are not impacted.

Impact

Exploitation of this vulnerability leads to memory leaks, where newly created DAMON target objects are not properly deallocated, causing unnecessary memory consumption.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel DAMON Memory Leak Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating