Linux Kernel DAMON Context Leak Vulnerability in Memory Management

Vulnerability

A memory management vulnerability has been identified in the Linux kernel's DAMON (Data Access Monitoring) subsystem. The issue is in the 'mm/damon/stat' module: the 'damon_stat_start()' function allocates a context object but does not deallocate it if the 'damon_call()' function returns an error, so the allocated context is leaked. Furthermore, if the user re-enables DAMON statistics collection before the leaked context is properly handled, the result can be a use-after-free, in which the DAMON process accesses freed memory, potentially causing instability or security issues.

Impact

Exploitation of this vulnerability causes a memory leak that can lead to a use-after-free condition, allowing the DAMON process to access deallocated memory, which can be manipulated to cause undefined behavior or memory corruption.

Reproduction

The vulnerability can be reproduced by enabling the DAMON statistics collection, which allocates a context object. If the 'damon_call()' function fails, the context object remains allocated but is not properly managed. Re-enabling the statistics collection before the context is released causes the previously allocated context to be leaked, creating a use-after-free situation when the DAMON process accesses the freed memory.
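The error path described above, as an added userspace model in C (not the kernel's code and not the upstream patch). Every name in it is hypothetical, and the 'worker_running' flag with its -EBUSY guard is an assumption of the model standing in for "something may still be using the context".

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model; every name here is hypothetical, not kernel code. */
struct ctx { bool worker_running; };
static struct ctx *stat_ctx;  /* module-wide context pointer */
static int live_ctxs;         /* contexts allocated and not yet freed */
static bool call_fails;       /* knob: make the post-allocation call fail */
static struct ctx *ctx_new(void)
{
	struct ctx *c = calloc(1, sizeof(*c));
	live_ctxs += (c != NULL);
	return c;
}
static void ctx_free(struct ctx *c) { if (c) { free(c); live_ctxs--; } }

/* Stand-in for the fallible call; here a failure means the worker stopped. */
static int model_call(struct ctx *c)
{
	c->worker_running = !call_fails;
	return call_fails ? -EINVAL : 0;
}

/* Before: every start overwrites the pointer, orphaning a leftover context. */
static int start_leaky(void)
{
	stat_ctx = ctx_new();
	return stat_ctx ? model_call(stat_ctx) : -ENOMEM;
}

/* After: release the leftover context first, but only once nothing uses it. */
static int start_fixed(void)
{
	if (stat_ctx && stat_ctx->worker_running)
		return -EBUSY;  /* freeing now would be a use-after-free */
	ctx_free(stat_ctx);
	stat_ctx = ctx_new();
	return stat_ctx ? model_call(stat_ctx) : -ENOMEM;
}

int main(void)
{
	call_fails = true;  /* both enables below fail */
	start_leaky(); start_leaky();
	printf("leaky: %d live\n", live_ctxs);
	stat_ctx = NULL; live_ctxs = 0; start_fixed(); start_fixed();
	printf("fixed: %d live\n", live_ctxs);
}
```

On a real system the equivalent check is to exercise the failing enable path repeatedly under a leak detector and a memory-error detector and confirm that neither reports anything.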

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Apr 24, 2026, 4:13 PM
Updated: Apr 24, 2026, 4:13 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 6.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.