min_sz_r…"/> min_sz_r…"/> min_sz_r…"/>
VDB

CVE-2026-52905

CVE-2026-52905 PUBLISHED

Reported by Linux · Published June 9, 2026

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_region") introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b ("mm/damon/core: disallow non-power of two min_region_sz") fixed it, but only for damon_commit_ctx() use case. Still, DAMON sysfs interface can emit non-power of two min_region_sz via damon_start(). Fix the path by adding the is_power_of_2() check on damon_start(). The issue was discovered by sashiko [1].

Affected Products

VendorProductVersions
LinuxLinuxd8f867fa0825fb3e358457566d7326d8aab2406a, d8f867fa0825fb3e358457566d7326d8aab2406a, d8f867fa0825fb3e358457566d7326d8aab2406a
LinuxLinux6.18, 0, 6.18.30
linuxlinux_kernel6.18, 6.18, 6.18
LinuxLinuxd8f867fa0825fb3e358457566d7326d8aab2406a, d8f867fa0825fb3e358457566d7326d8aab2406a, d8f867fa0825fb3e358457566d7326d8aab2406a

Timeline

  • Jun 9, 2026 CVE Published
  • Jun 10, 2026 Coalition ESS Score
  • Jun 14, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›