
CVE-2026-31445

Published: April 22, 2026 · Updated: Apr 23, 2026

EPSS: 0.02% probability of exploitation in 30 days · Percentile: 4.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/core: avoid use of half-online-committed context

One major usage of damon_call() is online DAMON parameters update. It is done by calling damon_commit_ctx() inside the damon_call() callback function. damon_commit_ctx() can fail for two reasons: 1) invalid parameters and 2) internal memory allocation failures. In case of failures, the damon_ctx that attempted to be updated (commit destination) can be partially updated (or, corrupted from a perspective), and therefore shouldn't be used anymore. The function only ensures the damon_ctx object can be safely deallocated using damon_destroy_ctx().

The API callers are, however, calling damon_commit_ctx() only after asserting the parameters are valid, to avoid damon_commit_ctx() fails due to invalid input parameters. But it can still theoretically fail if the internal memory allocation fails. In the case, DAMON may run with the partially updated damon_ctx. This can result in unexpected behaviors including even NULL pointer dereference in case of damos_commit_dests() failure [1]. Such allocation failure is arguably too small to fail, so the real world impact would be rare. But, given the bad consequence, this needs to be fixed.

Avoid such partially-committed (maybe-corrupted) damon_ctx use by saving the damon_commit_ctx() failure on the damon_ctx object. For this, introduce damon_ctx->maybe_corrupted field. damon_commit_ctx() sets it when it is failed. kdamond_call() checks if the field is set after each damon_call_control->fn() is executed. If it is set, ignore remaining callback requests and return. All kdamond_call() callers including kdamond_fn() also check the maybe_corrupted field right after kdamond_call() invocations. If the field is set, break the kdamond_fn() main loop so that DAMON still doesn't use the context that might be corrupted.

[[email protected]: let kdamond_call() with cancel regardless of maybe_corrupted]

NVD Source
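The control flow the description outlines, as an added user-space model that is not the kernel patch or any DAMON code: a commit that fails part-way marks the context, the callback pass stops after the callback that set the mark, and the main loop exits before using the context again. Apart from the `maybe_corrupted` field name, every identifier here (`struct ctx`, `commit_ctx`, `worker_call`, `run_model`, `fail_alloc`) is hypothetical, and the allocation failure is injected artificially.

```c
#include <stdbool.h>
#include <stdlib.h>

/* User-space model: names and bodies are assumptions, not kernel code. */
struct ctx {
    int *dests;            /* state that a commit reallocates */
    int nr_dests;
    bool maybe_corrupted;  /* set when a commit fails part-way */
};
static bool fail_alloc;    /* constructed fault-injection switch */

/* Commit a new size into dst; on failure dst is left half-updated. */
static int commit_ctx(struct ctx *dst, int n)
{
    free(dst->dests);
    dst->nr_dests = n;     /* count changes before the array exists */
    dst->dests = fail_alloc ? NULL : calloc((size_t)n, sizeof(int));
    dst->maybe_corrupted = dst->maybe_corrupted || !dst->dests;
    return dst->dests ? 0 : -1;
}

/* One pass over queued requests; returns how many callbacks ran. */
static int worker_call(struct ctx *c, int nr_requests)
{
    for (int i = 0; i < nr_requests; i++) {
        (void)commit_ctx(c, 4);   /* callback body: an online update */
        if (c->maybe_corrupted)
            return i + 1;         /* ignore the remaining requests */
    }
    return nr_requests;
}

/* Main loop: returns iterations that used the context. */
int run_model(int fail_at_iter, int max_iter, int *calls)
{
    struct ctx c = { 0 };
    int used = 0;
    *calls = 0;
    for (int iter = 0; iter < max_iter; iter++) {
        fail_alloc = (iter == fail_at_iter);
        *calls += worker_call(&c, 3);
        if (c.maybe_corrupted)
            break;                /* stop before touching c.dests */
        for (int i = 0; i < c.nr_dests; i++)
            c.dests[i]++;         /* NULL dereference on a poisoned ctx */
        used++;
    }
    free(c.dests);
    return used;
}
```

Removing the `maybe_corrupted` check in `run_model` makes the failing iteration walk `nr_dests` entries of a NULL array, which is the class of fault the description attributes to running on a half-committed context.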

Technical Analysis

CVE-2026-31445 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

All References (3)

Quick Facts

CVE ID: CVE-2026-31445
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: Apr 22, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31445 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.