HOMEVULNERABILITIESCVE-2026-31652
HIGH

CVE-2026-31652

Published: April 24, 2026· Updated: Apr 27, 2026

7.8
CVSS v3.1
EPSS:0.02%probability of exploitation in 30 daysPercentile:4.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/stat: deallocate damon_call() failure leaking damon_ctx

damon_stat_start() always allocates the module's damon_ctx object

(damon_stat_context). Meanwhile, if damon_call() in the function fails,

the damon_ctx object is not deallocated. Hence, if the damon_call() is

failed, and the user writes Y to “enabled” again, the previously

allocated damon_ctx object is leaked.

This cannot simply be fixed by deallocating the damon_ctx object when

damon_call() fails. That's because damon_call() failure doesn't guarantee

the kdamond main function, which accesses the damon_ctx object, is

completely finished. In other words, if damon_stat_start() deallocates

the damon_ctx object after damon_call() failure, the not-yet-terminated

kdamond could access the freed memory (use-after-free).

Fix the leak while avoiding the use-after-free by keeping returning

damon_stat_start() without deallocating the damon_ctx object after

damon_call() failure, but deallocating it when the function is invoked

again and the kdamond is completely terminated. If the kdamond is not yet

terminated, simply return -EAGAIN, as the kdamond will soon be terminated.

The issue was discovered [1] by sashiko.

NVD Source

Technical Analysis

CVE-2026-31652 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.8.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

Linux1 product
linux kernel
Source: NVD CPE · 3 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (3)

Quick Facts

CVE IDCVE-2026-31652
CVSS Score7.8 / 10
SeverityHIGH
CISA KEVNo
EPSS (30d)0.02%
Affected1 vendor
PublishedApr 24, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31652 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.