{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23142", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.973Z", "datePublished": "2026-02-14T15:36:08.147Z", "dateUpdated": "2026-05-11T22:00:56.683Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:00:56.683Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure\n\nWhen a DAMOS-scheme DAMON sysfs directory setup fails after setup of\naccess_pattern/ directory, subdirectories of access_pattern/ directory are\nnot cleaned up. As a result, DAMON sysfs interface is nearly broken until\nthe system reboots, and the memory for the unremoved directory is leaked.\n\nCleanup the directories under such failures."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/damon/sysfs-schemes.c"], "versions": [{"version": "9bbb820a5bd5f406ae5e0819cc31f2c2e6f4d990", "lessThan": "ae8ac0066b48ed957bdcab58f0d3543549c57a29", "status": "affected", "versionType": "git"}, {"version": "9bbb820a5bd5f406ae5e0819cc31f2c2e6f4d990", "lessThan": "e9711bd0e64812c694a228cf58c9e6032decee54", "status": "affected", "versionType": "git"}, {"version": "9bbb820a5bd5f406ae5e0819cc31f2c2e6f4d990", "lessThan": "16236b0b4a08fa3e326cf1373ef789dabdc2e30d", "status": "affected", "versionType": "git"}, {"version": "9bbb820a5bd5f406ae5e0819cc31f2c2e6f4d990", "lessThan": "725d4fdaa01bd1161782081f419e1568cc7432e0", "status": "affected", "versionType": "git"}, {"version": "9bbb820a5bd5f406ae5e0819cc31f2c2e6f4d990", "lessThan": "392b3d9d595f34877dd745b470c711e8ebcd225c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/damon/sysfs-schemes.c"], "versions": [{"version": "5.18", "status": "affected"}, {"version": "0", "lessThan": "5.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.67", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.7", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.12.67"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.18.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ae8ac0066b48ed957bdcab58f0d3543549c57a29"}, {"url": "https://git.kernel.org/stable/c/e9711bd0e64812c694a228cf58c9e6032decee54"}, {"url": "https://git.kernel.org/stable/c/16236b0b4a08fa3e326cf1373ef789dabdc2e30d"}, {"url": "https://git.kernel.org/stable/c/725d4fdaa01bd1161782081f419e1568cc7432e0"}, {"url": "https://git.kernel.org/stable/c/392b3d9d595f34877dd745b470c711e8ebcd225c"}], "title": "mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E9EC47F-0DAF-443F-AC55-E8DC35F75C72", "versionEndExcluding": "6.1.162", "versionStartIncluding": "5.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F", "versionEndExcluding": "6.6.122", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7456F614-6AA8-4C08-8229-BA342D4AFBAD", "versionEndExcluding": "6.12.67", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "99FF3E05-0E7A-44E9-8E47-BF6F1F8EC436", "versionEndExcluding": "6.18.7", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure\n\nWhen a DAMOS-scheme DAMON sysfs directory setup fails after setup of\naccess_pattern/ directory, subdirectories of access_pattern/ directory are\nnot cleaned up. As a result, DAMON sysfs interface is nearly broken until\nthe system reboots, and the memory for the unremoved directory is leaked.\n\nCleanup the directories under such failures."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nmm/damon/sysfs-scheme: limpieza de los subdirectorios de access_pattern en caso de fallo en la configuraci\u00f3n del directorio del esquema\n\nCuando la configuraci\u00f3n de un directorio sysfs de DAMON con esquema DAMOS falla despu\u00e9s de la configuraci\u00f3n del directorio access_pattern/, los subdirectorios del directorio access_pattern/ no se limpian. Como resultado, la interfaz sysfs de DAMON queda casi rota hasta que el sistema se reinicia, y la memoria del directorio no eliminado se fuga.\n\nLimpiar los directorios en caso de tales fallos."}], "id": "CVE-2026-23142", "lastModified": "2026-03-17T21:13:41.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-14T16:15:54.273", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/16236b0b4a08fa3e326cf1373ef789dabdc2e30d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/392b3d9d595f34877dd745b470c711e8ebcd225c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/725d4fdaa01bd1161782081f419e1568cc7432e0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ae8ac0066b48ed957bdcab58f0d3543549c57a29"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e9711bd0e64812c694a228cf58c9e6032decee54"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure", "id": "2439869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439869"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure\nWhen a DAMOS-scheme DAMON sysfs directory setup fails after setup of\naccess_pattern/ directory, subdirectories of access_pattern/ directory are\nnot cleaned up. As a result, DAMON sysfs interface is nearly broken until\nthe system reboots, and the memory for the unremoved directory is leaked.\nCleanup the directories under such failures."], "name": "CVE-2026-23142", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23142\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23142\nhttps://lore.kernel.org/linux-cve-announce/2026021416-CVE-2026-23142-f91e@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9bbb820a5bd5f406ae5e0819cc31f2c2e6f4d990,ae8ac0066b48ed957bdcab58f0d3543549c57a29)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9bbb820a5bd5f406ae5e0819cc31f2c2e6f4d990,e9711bd0e64812c694a228cf58c9e6032decee54)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9bbb820a5bd5f406ae5e0819cc31f2c2e6f4d990,16236b0b4a08fa3e326cf1373ef789dabdc2e30d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9bbb820a5bd5f406ae5e0819cc31f2c2e6f4d990,725d4fdaa01bd1161782081f419e1568cc7432e0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9bbb820a5bd5f406ae5e0819cc31f2c2e6f4d990,392b3d9d595f34877dd745b470c711e8ebcd225c)"}}], "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,5.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.162,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.122,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.67,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.7,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19,*]"}}], "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-18T12:22:29.330491+00:00", "value": {"mitigation_remediation": ["Update the system to a Linux kernel version that includes the fix for the DAMON sysfs scheme cleanup bug.", "If a kernel update is not yet available, reboot the machine to clear the leaked memory and restore the DAMON sysfs interface.", "Monitor system logs for repeated DAMON sysfs setup failures to ensure the bug has been resolved and plan a future kernel update."], "summary": {"action": "Apply Patch", "impact": "Memory Leak and Availability Impact"}, "threat_synthesis": {"affected_systems": "Affected products are all Linux kernel releases that contain the DAMON sysfs scheme code, including the 6.19 release candidates from rc1 through rc5. The issue is present in the generic Linux kernel and should be addressed in any distribution that ships these kernel versions.", "description_and_impact": "The vulnerability in the Linux kernel causes the DAMON sysfs directory setup to leave behind an access_pattern subdirectory when the scheme initialization fails. This failure results in a memory leak and disables the DAMON sysfs interface until the system is rebooted. The leak occurs during kernel initialization or when the DAMON subsystem is started, potentially degrading system stability and preventing further use of the legacy memory monitoring interface.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% reflects a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no known active exploitation. The attack vector is inferred to be local, requiring an attacker with kernel or root privileges to trigger repeated DAMON sysfs failures or to force a system reboot for recovery. The primary risk is to availability: if the sysfs interface remains broken, tools that rely on DAMON may fail, and memory leaks may accumulate until reboot."}}}}, "created": "2026-02-16T12:01:24.371563+00:00", "updated": "2026-04-18T12:30:45.470908+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}