CVE-2024-57886

MEDIUM EPSS 6.9%
Published Jan 15, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jan 15, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damon_target objects leaks on damon_commit_targets() Patch series "mm/damon/core: fix memory leaks and ignored inputs from damon_commit_ctx()". Due to two bugs in damon_commit_targets() and damon_commit_schemes(), which are called from damon_commit_ctx(), some user inputs can be ignored, and some mmeory objects can be leaked. Fix those. Note that only DAMON sysfs interface users are affected. Other DAMON core API user modules that more focused more on simple and dedicated production usages, including DAMON_RECLAIM and DAMON_LRU_SORT are not using the buggy function in the way, so not affected. This patch (of 2): When new DAMON targets are added via damon_commit_targets(), the newly created targets are not deallocated when updating the internal data (damon_commit_target()) is failed. Worse yet, even if the setup is successfully done, the new target is not linked to the context. Hence, the new targets are always leaked regardless of the internal data setup failure. Fix the leaks.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥6.11  –  <6.12.9
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any

References 2

  • git.kernel.org https://git.kernel.org/stable/c/3647932d0b3e609c762c55e8f9fe10a09776e0a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8debfc5b1aa569d3d2ac836af2553da037611c61
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3647932d0b3e609c762c55e8f9fe10a09776e0a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8debfc5b1aa569d3d2ac836af2553da037611c61
    Patch