Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-31445— mm/damon/core: avoid use of half-online-committed context

EPSS 0.01% · P2
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-31445

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
mm/damon/core: avoid use of half-online-committed context
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half-online-committed context One major usage of damon_call() is online DAMON parameters update. It is done by calling damon_commit_ctx() inside the damon_call() callback function. damon_commit_ctx() can fail for two reasons: 1) invalid parameters and 2) internal memory allocation failures. In case of failures, the damon_ctx that attempted to be updated (commit destination) can be partially updated (or, corrupted from a perspective), and therefore shouldn't be used anymore. The function only ensures the damon_ctx object can safely deallocated using damon_destroy_ctx(). The API callers are, however, calling damon_commit_ctx() only after asserting the parameters are valid, to avoid damon_commit_ctx() fails due to invalid input parameters. But it can still theoretically fail if the internal memory allocation fails. In the case, DAMON may run with the partially updated damon_ctx. This can result in unexpected behaviors including even NULL pointer dereference in case of damos_commit_dests() failure [1]. Such allocation failure is arguably too small to fail, so the real world impact would be rare. But, given the bad consequence, this needs to be fixed. Avoid such partially-committed (maybe-corrupted) damon_ctx use by saving the damon_commit_ctx() failure on the damon_ctx object. For this, introduce damon_ctx->maybe_corrupted field. damon_commit_ctx() sets it when it is failed. kdamond_call() checks if the field is set after each damon_call_control->fn() is executed. If it is set, ignore remaining callback requests and return. All kdamond_call() callers including kdamond_fn() also check the maybe_corrupted field right after kdamond_call() invocations. If the field is set, break the kdamond_fn() main loop so that DAMON sill doesn't use the context that might be corrupted. [sj@kernel.org: let kdamond_call() with cancel regardless of maybe_corrupted]
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于damon_commit_ctx函数可能因内存分配失败导致上下文部分更新,可能造成DAMON使用损坏的上下文运行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 3301f1861d34f53911a30a8f5f41b9141bd8ed39 ~ 9c495f9d3781cd692bd199531cabd4627155e8cd -
LinuxLinux 6.15 -

II. Public POCs for CVE-2026-31445

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-31445

登录查看更多情报信息。

Same Patch Batch · Linux · 2026-04-22 · 100 CVEs total

CVE-2026-314639.8 CRITICALiomap: fix invalid folio access when i_blkbits differs from I/O granularity
CVE-2026-314369.8 CRITICALdmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()
CVE-2026-314449.8 CRITICALksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
CVE-2026-314789.8 CRITICALksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
CVE-2026-315019.8 CRITICALnet: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path
CVE-2026-314489.4 CRITICALext4: avoid infinite loops caused by residual data
CVE-2026-314328.8 HIGHksmbd: fix OOB write in QUERY_INFO for compound requests
CVE-2026-314338.8 HIGHksmbd: fix potencial OOB in get_file_all_info() for compound requests
CVE-2026-314358.8 HIGHnetfs: Fix read abandonment during retry
CVE-2026-314508.8 HIGHext4: publish jinode after initialization
CVE-2026-314768.2 HIGHksmbd: do not expire session on binding failure
CVE-2026-314648.1 HIGHscsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
CVE-2026-315138.1 HIGHBluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req
CVE-2026-314907.8 HIGHdrm/xe/pf: Fix use-after-free in migration restore
CVE-2026-314537.8 HIGHxfs: avoid dereferencing log items after push callbacks
CVE-2026-314947.8 HIGHnet: macb: use the current queue number for stats
CVE-2026-315027.8 HIGHteam: fix header_ops type confusion with non-Ethernet ports
CVE-2026-314497.8 HIGHext4: validate p_idx bounds in ext4_ext_correct_indexes
CVE-2026-315047.8 HIGHnet: fix fanout UAF in packet_release() via NETDEV_UP race
CVE-2026-315057.8 HIGHiavf: fix out-of-bounds writes in iavf_get_ethtool_stats()

Showing top 20 of 100 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2026-31445

No comments yet

Leave a comment