PT-2026-39049 · Linux · Linux Kernel
CVE-2026-43388
·
Published
2026-05-08
·
Updated
2026-05-21
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A flaw exists in the
damos walk() function where ctx->walk control is set to a caller-provided control structure before verifying if the context is running. If the context is inactive, the function returns an error without clearing ctx->walk control, leaving a dangling pointer to a stack-allocated structure. This can lead to a use-after-free scenario if the context is started and kdamond dereferences the pointer, or result in a permanent -EBUSY error during subsequent damos walk() calls because the pointer remains non-NULL.Recommendations
Clear
ctx->walk control under walk control lock before returning -EINVAL in the damos walk() function.Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel