CVE-2026-46067

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/core: validate damos quota goal->nid for node memcg {used,free} bp

Users can set damos quota goal->nid with arbitrary value for node memcg {used,free} bp. But DAMON core is using those for NODE-DATA() without a validation of the value. This can result in out of bounds memory access. The issue can actually triggered using DAMON user-space tool (damo), like below.

$ sudo mkdir /sys/fs/cgroup/foo $ sudo ./damo start --damos action stat --damos quota interval 1s --damos quota goal node memcg used bp 50% -1 /foo $ sudo dmseg [...] [ 524.181426] Unable to handle kernel paging request at virtual address 0000000000002c00

Fix this issue by adding the validation of the given node id. If an invalid node id is given, it returns 0% for used memory ratio, and 100% for free memory ratio.