{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31653", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.128Z", "datePublished": "2026-04-24T14:45:05.689Z", "dateUpdated": "2026-05-11T22:12:58.645Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:12:58.645Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: dealloc repeat_call_control if damon_call() fails\n\ndamon_call() for repeat_call_control of DAMON_SYSFS could fail if somehow\nthe kdamond is stopped before the damon_call(). It could happen, for\nexample, when te damon context was made for monitroing of a virtual\naddress processes, and the process is terminated immediately, before the\ndamon_call() invocation. In the case, the dyanmically allocated\nrepeat_call_control is not deallocated and leaked.\n\nFix the leak by deallocating the repeat_call_control under the\ndamon_call() failure.\n\nThis issue is discovered by sashiko [1]."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/damon/sysfs.c"], "versions": [{"version": "04a06b139ec08aa63d7377f6d3e5218f8ddb1c5d", "lessThan": "b9dadf026a9fb681ed32a0646adc10ab485bf3b1", "status": "affected", "versionType": "git"}, {"version": "04a06b139ec08aa63d7377f6d3e5218f8ddb1c5d", "lessThan": "0655f5cf1735508394ef8af98ddcfab3ac1c1cc5", "status": "affected", "versionType": "git"}, {"version": "04a06b139ec08aa63d7377f6d3e5218f8ddb1c5d", "lessThan": "0199390a6b92fc21860e1b858abf525c7e73b956", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/damon/sysfs.c"], "versions": [{"version": "6.17", "status": "affected"}, {"version": "0", "lessThan": "6.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.23", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.13", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.18.23"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.19.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b9dadf026a9fb681ed32a0646adc10ab485bf3b1"}, {"url": "https://git.kernel.org/stable/c/0655f5cf1735508394ef8af98ddcfab3ac1c1cc5"}, {"url": "https://git.kernel.org/stable/c/0199390a6b92fc21860e1b858abf525c7e73b956"}], "title": "mm/damon/sysfs: dealloc repeat_call_control if damon_call() fails", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DC92196-2D7B-4F07-A19F-B43E0624C441", "versionEndExcluding": "6.18.23", "versionStartIncluding": "6.17.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1490EF9B-9080-481C-8D22-1306AAE664E4", "versionEndExcluding": "6.19.13", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:*", "matchCriteriaId": "7CC8B11D-82DC-4958-8DC7-BF5CC829A5E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: dealloc repeat_call_control if damon_call() fails\n\ndamon_call() for repeat_call_control of DAMON_SYSFS could fail if somehow\nthe kdamond is stopped before the damon_call(). It could happen, for\nexample, when te damon context was made for monitroing of a virtual\naddress processes, and the process is terminated immediately, before the\ndamon_call() invocation. In the case, the dyanmically allocated\nrepeat_call_control is not deallocated and leaked.\n\nFix the leak by deallocating the repeat_call_control under the\ndamon_call() failure.\n\nThis issue is discovered by sashiko [1]."}], "id": "CVE-2026-31653", "lastModified": "2026-04-27T20:16:21.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T15:16:44.793", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0199390a6b92fc21860e1b858abf525c7e73b956"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0655f5cf1735508394ef8af98ddcfab3ac1c1cc5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b9dadf026a9fb681ed32a0646adc10ab485bf3b1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: mm/damon/sysfs: dealloc repeat_call_control if damon_call() fails", "id": "2461564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461564"}, "csaw": false, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's Data Access MONitor (DAMON) subsystem. When a process being monitored by DAMON terminates unexpectedly, a memory leak can occur because a control structure is not properly deallocated. This can lead to a gradual consumption of system memory, potentially causing system instability or a Denial of Service (DoS) over an extended period."], "name": "CVE-2026-31653", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31653\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31653\nhttps://lore.kernel.org/linux-cve-announce/2026042401-CVE-2026-31653-cb56@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[04a06b139ec08aa63d7377f6d3e5218f8ddb1c5d,b9dadf026a9fb681ed32a0646adc10ab485bf3b1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[04a06b139ec08aa63d7377f6d3e5218f8ddb1c5d,0655f5cf1735508394ef8af98ddcfab3ac1c1cc5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[04a06b139ec08aa63d7377f6d3e5218f8ddb1c5d,0199390a6b92fc21860e1b858abf525c7e73b956)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.17"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.17)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.23,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.13,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T13:47:11.660977+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a released version that incorporates the patch for CVE-2026-31653", "If an immediate kernel upgrade is not possible, disable or avoid use of DAMON sysfs monitoring for critical workloads to prevent the fault condition", "Monitor kernel memory usage and set limits or alerts for abnormal memory growth associated with repeat_call_control allocations"], "summary": {"action": "Update Kernel", "impact": "Memory Leak leading to potential Denial of Service"}, "threat_synthesis": {"affected_systems": "All Linux kernel versions that implement DAMON sysfs, specifically kernel releases 6.17 and all canary releases of kernel 7.0 prior to the inclusion of the patch. Because the kernel identifies the vendors as Linux:Linux, any distribution shipping these kernel versions is affected until a corrected build is issued.", "description_and_impact": "The vulnerability occurs in the Linux kernel DAMON sysfs component where the repeat_call_control structure is not freed if damon_call() fails. This leakage can accumulate over time, gradually consuming kernel memory and potentially exhausting available memory resources. The impact is limited to a denial of service scenario because the attacker cannot read or modify data, but long\u2011term memory exhaustion can bring the system to a halt. The weakness is a classic case of missing release of memory after its effective use (CWE-772).", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate severity. The EPSS score of <1% suggests that exploitation is unlikely in the near term. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to provoke damon_call() failures repeatedly, such as by rapidly terminating monitored virtual address processes, to gradually leak memory. Without a direct remote code execution vector, the threat is primarily a resource exhaustion attack and requires long\u2011term persistence to result in a system outage."}}}}, "created": "2026-04-27T18:45:11.316023+00:00", "updated": "2026-04-28T14:00:16.481074+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}