CVE-2026-23144
📋 TL;DR
A memory leak vulnerability in the Linux kernel's DAMON sysfs interface occurs when context directory setup fails after attrs/ subdirectories have been created. This causes the system to retain orphaned directories until reboot, potentially degrading system performance and stability. All Linux systems using the DAMON memory monitoring subsystem are affected.
💻 Affected Systems
- Linux kernel
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
System memory exhaustion leading to kernel panic or system instability, potentially causing denial of service and requiring reboot to resolve.
Likely Case
Gradual memory leak over time that degrades system performance and may eventually cause out-of-memory conditions for critical processes.
If Mitigated
Minor performance impact with no security compromise if system has sufficient memory headroom and regular reboots.
🎯 Exploit Status
Requires local access and ability to trigger DAMON sysfs context creation failures. No remote exploitation possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits referenced in CVE (specific stable versions not specified)
Vendor Advisory: https://git.kernel.org/stable/c/43964644348f6b1add3055c4a6cae8f77d892a6e
Restart Required: No
Instructions:
1. Update Linux kernel to version containing fixes from provided git commits.
2. For distributions: Use package manager to update kernel package.
3. For custom kernels: Apply patches from git.kernel.org references and rebuild.
🔧 Temporary Workarounds
Disable DAMON sysfs interface
Linux
Prevent access to the vulnerable interface by disabling DAMON sysfs support
echo 'kernel.damon.sysfs = 0' >> /etc/sysctl.conf
sysctl -p
🧯 If You Can't Patch
- Implement regular system reboots to clear accumulated memory leaks
- Monitor system memory usage closely and alert on unusual patterns
🔍 How to Verify
Check if Vulnerable:
Check the kernel version with 'uname -r', and check whether DAMON sysfs is enabled by looking for the /sys/kernel/mm/damon/ directory
Check Version:
uname -r
Verify Fix Applied:
Verify that the kernel version is updated beyond the commit dates in the CVE references, and test that DAMON sysfs operations don't leak directories
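The exposure check described under "Check if Vulnerable", as an added example that is not part of the CVE entry or the kernel project: it reports whether the DAMON sysfs tree is present and how many contexts are configured, which shows exposure of the interface, not whether the fix is applied. The optional root-prefix argument, the /boot/config-<release> location and the state labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: DAMON sysfs exposure check for triaging CVE-2026-23144.
# The root prefix argument and the state labels are assumptions of this
# example; an empty prefix inspects the live system.

# Print one of: present | built-not-visible | not-built | unknown
damon_sysfs_state() {
    ds_root="${1:-}"
    ds_release="${2:-$(uname -r)}"
    if [ -d "$ds_root/sys/kernel/mm/damon" ]; then
        echo present
        return 0
    fi
    # Assumption: the distribution ships the kernel build config in /boot.
    ds_cfg="$ds_root/boot/config-$ds_release"
    if [ ! -r "$ds_cfg" ]; then
        echo unknown
    elif grep -q '^CONFIG_DAMON_SYSFS=y' "$ds_cfg"; then
        echo built-not-visible   # compiled in, but the sysfs tree is not visible here
    else
        echo not-built
    fi
}

# Count configured contexts (admin/kdamonds/<N>/contexts/<N>/).
damon_context_count() {
    dc_root="${1:-}"
    dc_n=0
    for dc_dir in "$dc_root"/sys/kernel/mm/damon/admin/kdamonds/*/contexts/*/; do
        if [ -d "$dc_dir" ]; then
            dc_n=$((dc_n + 1))
        fi
    done
    echo "$dc_n"
}

echo "kernel release : $(uname -r)"
echo "DAMON sysfs    : $(damon_sysfs_state)"
echo "DAMON contexts : $(damon_context_count)"
```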
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages related to memory allocation failures
- System logs showing out-of-memory conditions
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("out of memory" OR "OOM" OR "memory allocation failure")
🔗 References
- https://git.kernel.org/stable/c/43964644348f6b1add3055c4a6cae8f77d892a6e
- https://git.kernel.org/stable/c/5651c0c391c0029541794f9c4c9597faecfd401f
- https://git.kernel.org/stable/c/78b4eb99751ebd37ceade78810bf94de80f7fb3a
- https://git.kernel.org/stable/c/9814cc832b88bd040fc2a1817c2b5469d0f7e862
- https://git.kernel.org/stable/c/db7dfe78fc81bdd2b532d77f340fe453f2360426