CVE-2026-31458

🗓️ 22 Apr 2026 13:53:50Reported by LinuxType

cve🔗 web.nvd.nist.gov👁 6 Views🌐 WEB

CVE-2026-31458: DAMON sysfs dereferences contexts_arr[0] when nr_contexts is zero, causing NULL pointer dereference.

Reporter	Title	Published	Views	Family All 34
Tenable Nessus	Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1646)	5 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1681)	9 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1746)	27 May 202600:00	–	nessus
Tenable Nessus	Debian dsa-6238 : ata-modules-6.12.74+deb13+1-armmp-di - security update	30 Apr 202600:00	–	nessus
Tenable Nessus	Photon OS 5.0: Linux PHSA-2026-5.0-0830	24 Apr 202600:00	–	nessus
Tenable Nessus	Photon OS 5.0: Linux PHSA-2026-5.0-0834	9 May 202600:00	–	nessus
Tenable Nessus	Photon OS 5.0: Linux PHSA-2026-5.0-0842	9 May 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-31458	22 Apr 202600:00	–	nessus
Amazon	Important: kernel6.12	5 May 202600:00	–	amazon
Amazon	Important: kernel6.18	26 May 202600:00	–	amazon

NVD

Vulners

CNA

Node

linux linux_kernelRange5.18–6.6.131

linux linux_kernelRange6.7–6.12.80

linux linux_kernelRange6.13–6.18.21

linux linux_kernelRange6.19–6.19.11

linux linux_kernelMatch7.0rc1

linux linux_kernelMatch7.0rc2

linux linux_kernelMatch7.0rc3

linux linux_kernelMatch7.0rc4

linux linux_kernelMatch7.0rc5

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "mm/damon/sysfs.c"
    ],
    "versions": [
      {
        "version": "0ac32b8affb5a384253dbb8339bd2d0e91add0b7",
        "lessThan": "aba546061341b56e9ffb37e1eb661a3628b6ec12",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0ac32b8affb5a384253dbb8339bd2d0e91add0b7",
        "lessThan": "1e8da792672481d603fa7cd0d815577220a3ee27",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0ac32b8affb5a384253dbb8339bd2d0e91add0b7",
        "lessThan": "708033c231bd782858f4ddbb46ee874a5a5fbdab",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0ac32b8affb5a384253dbb8339bd2d0e91add0b7",
        "lessThan": "bbe03ad3fb9e714191757ca7b41582f930be7be2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0ac32b8affb5a384253dbb8339bd2d0e91add0b7",
        "lessThan": "1bfe9fb5ed2667fb075682408b776b5273162615",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "mm/damon/sysfs.c"
    ],
    "versions": [
      {
        "version": "5.18",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.18",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.131",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.80",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.18.21",
        "lessThanOrEqual": "6.18.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.19.11",
        "lessThanOrEqual": "6.19.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "7.0",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/bbe03ad3fb9e714191757ca7b41582f930be7be2
git	www.git.kernel.org/stable/c/aba546061341b56e9ffb37e1eb661a3628b6ec12
git	www.git.kernel.org/stable/c/1e8da792672481d603fa7cd0d815577220a3ee27
git	www.git.kernel.org/stable/c/708033c231bd782858f4ddbb46ee874a5a5fbdab
git	www.git.kernel.org/stable/c/1bfe9fb5ed2667fb075682408b776b5273162615

Parameter	Position	Path	Description	CWE
contexts/nr_contexts	request body	/sys/kernel/mm/damon/admin/kdamonds/0/contexts/nr_contexts	Writing 0 to contexts/nr_contexts can lead to NULL pointer dereference when kdamond->contexts->nr is 0 and contexts_arr[0] is accessed.	CWE-476
state	request body	/sys/kernel/mm/damon/admin/kdamonds/0/state	Various state update commands (e.g., update_schemes_stats, update_schemes_tried_regions, update_schemes_tried_bytes, update_schemes_effective_quotas, update_tuned_intervals) can trigger NULL pointer dereferences if contexts_arr[0] is accessed with nr_contexts == 0.	CWE-476

11 May 2026 22:09Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.5

EPSS0.00015

CWE-476