PT-2026-39049 · Linux · Linux Kernel
Published 2026-05-08 · Updated 2026-05-15 · CVE-2026-43388 · Severity: None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A flaw exists in the damos_walk() function where ctx->walk_control is set to a caller-provided control structure before verifying if the context is running. If the context is inactive, the function returns an error without clearing ctx->walk_control, leaving a dangling pointer to a stack-allocated structure. This can lead to a use-after-free scenario if the context is started and kdamond dereferences the pointer, or result in a permanent -EBUSY error during subsequent damos_walk() calls because the pointer remains non-NULL.
Recommendations
Clear ctx->walk_control under walk_control_lock before returning -EINVAL in the damos_walk() function.
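The ordering problem and the recommended fix, as an added user-space model in C (not the kernel's code). The names model_ctx, model_walk and second_call, and the boolean that stands in for walk_control_lock, are assumptions made for illustration; only the walk_control field, the lock name and the -EINVAL / -EBUSY results come from the description above.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model. Field names follow the advisory; the rest is assumed. */
struct walk_control { int unused; };
struct model_ctx { bool running, lock_held; struct walk_control *walk_control; };
static void lock(struct model_ctx *c)   { c->lock_held = true; }   /* walk_control_lock */
static void unlock(struct model_ctx *c) { c->lock_held = false; }

/* fixed=false models the flawed ordering, fixed=true the recommended one. */
static int model_walk(struct model_ctx *ctx, struct walk_control *control, bool fixed)
{
    lock(ctx);
    if (ctx->walk_control) { unlock(ctx); return -EBUSY; }
    ctx->walk_control = control;        /* published before the running check */
    unlock(ctx);
    if (!ctx->running) {
        if (fixed) { lock(ctx); ctx->walk_control = NULL; unlock(ctx); }
        return -EINVAL;                 /* without the clear, the pointer stays set */
    }
    ctx->walk_control = NULL;           /* model: the worker completed the walk */
    return 0;
}

/* Two calls on an inactive context: reports staleness after the first call
 * and returns the result of the second call. */
static int second_call(bool fixed, bool *stale)
{
    struct model_ctx ctx = { .running = false };
    struct walk_control on_stack = { 0 };   /* caller-provided, stack-allocated */
    model_walk(&ctx, &on_stack, fixed);
    *stale = ctx.walk_control != NULL;
    return model_walk(&ctx, &on_stack, fixed);
}

int main(void)
{
    bool stale;
    int r = second_call(false, &stale);
    printf("flawed: stale=%d second=%d\n", stale, r);
    r = second_call(true, &stale);
    printf("fixed:  stale=%d second=%d\n", stale, r);
    return 0;
}
```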
Related Identifiers
Affected Products
Linux Kernel