Linux Kernel DAMON Non-Power of Two Minimum Region Size Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's DAMON (Data Access Monitor) subsystem allows a non-power-of-two minimum region size to be specified, which can lead to unaligned region address ranges. The issue arises in the DAMON sysfs interface when the 'damon_start()' function is called. It has been addressed by adding a check that the minimum region size is a power of two before the DAMON context is started.

Impact

Exploitation of this vulnerability could result in unaligned DAMON region address ranges, potentially leading to incorrect monitoring or management of memory access patterns.
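The following user-space C sketch is an added example, not the kernel's patch: it shows why a non-power-of-two minimum region size produces unaligned addresses and what a power-of-two gate rejects. It assumes region bounds are rounded with mask arithmetic, as the kernel's ALIGN_DOWN-style macros do; the function names, the -1 return value and the sample values are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Same test the kernel's is_power_of_2() helper performs. */
static bool is_pow2(unsigned long n)
{
	return n != 0 && (n & (n - 1)) == 0;
}

/* Mask-based round-down; only correct when sz is a power of two. */
static unsigned long align_down_mask(unsigned long addr, unsigned long sz)
{
	return addr & ~(sz - 1);
}

/* Hypothetical start-time gate: 0 if accepted, -1 if rejected. */
static int validate_min_region_sz(unsigned long sz)
{
	return is_pow2(sz) ? 0 : -1;
}

/* True when the mask-aligned address really is a multiple of sz (sz != 0). */
static bool is_aligned_result(unsigned long addr, unsigned long sz)
{
	return align_down_mask(addr, sz) % sz == 0;
}

int main(void)
{
	/* Constructed sample values, not taken from the advisory. */
	const unsigned long addr = 0x12345;
	const unsigned long sizes[] = { 4096, 4097, 3000, 0 };

	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
		unsigned long sz = sizes[i];

		printf("min_region_sz=%lu -> %s", sz,
		       validate_min_region_sz(sz) ? "rejected" : "accepted");
		if (sz)
			printf(", mask-aligned 0x%lx is %saligned",
			       align_down_mask(addr, sz),
			       is_aligned_result(addr, sz) ? "" : "NOT ");
		printf("\n");
	}
	return 0;
}
```

With a size of 4097 the mask clears only one bit, so the address comes back unchanged and is not a multiple of the requested size; the gate rejects that value before any rounding happens.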

Reproduction

The vulnerability can be reproduced by starting a DAMON context with a minimum region size that is not a power of two. This can be done through the DAMON sysfs interface by specifying an invalid 'min_region_sz' value when initiating monitoring.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel official website.

Added: Jun 9, 2026, 3:38 PM
Updated: Jun 9, 2026, 3:38 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.8
remediation: 0.0
relevance: 9.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.