Seongjae Park

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, specifically in the mm/damon/core module. The issue arises from two bugs in the `damon commit targets()` and `damon commit schemes()` functions, which are called from `damon commit ctx()`. These bugs can cause some user inputs to be ignored and memory objects to be leaked. The vulnerability affects only users of the DAMON sysfs interface. Other modules, such as DAMON RECLAIM and DAMON LRU SORT, are not affected as they do not use the buggy function in the same way. **Recommendations** To resolve the issue, apply the patch series "mm/damon/core: fix memory leaks and ignored inputs from damon commit ctx()". This patch fixes the leaks by properly deallocating newly created targets when updating internal data fails and by linking new targets to the context. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the DAMON debugfs interface in the Linux kernel, which increases the reference counts of `struct pid`s for targets from the 'target ids' file write callback (`dbgfs target ids write()`), but decreases the counts only in DAMON monitoring termination callback (`dbgfs before terminate()`). When the 'target ids' file is repeatedly written without DAMON monitoring start/termination, the reference count is not decreased, and therefore, memory for the `struct pid` cannot be freed. This can lead to a memory leak. The vulnerability may allow an attacker to disclose protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.