CVE-2026-23012

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to the handling of DAMON contexts. Specifically, if damon call() is executed against a DAMON context that is not running, the function returns an error while maintaining a link to a deallocated damon call control object. Subsequent calls to damon call() on the same context can then lead to a use-after-free condition. This issue can be triggered through the DAMON sysfs interface, though exploitation is not considered straightforward, requiring sysfs write permissions and unusual file writes. The fix involves ensuring that all existing damon call() requests are cancelled before the context is terminated and cleaning up damon call control objects before returning an error.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.