CVE-2026-52905
Reported by Linux · Published June 9, 2026
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_region") introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b ("mm/damon/core: disallow non-power of two min_region_sz") fixed it, but only for damon_commit_ctx() use case. Still, DAMON sysfs interface can emit non-power of two min_region_sz via damon_start(). Fix the path by adding the is_power_of_2() check on damon_start(). The issue was discovered by sashiko [1].
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | d8f867fa0825fb3e358457566d7326d8aab2406a, d8f867fa0825fb3e358457566d7326d8aab2406a, d8f867fa0825fb3e358457566d7326d8aab2406a |
| Linux | Linux | 6.18, 0, 6.18.30 |
| linux | linux_kernel | 6.18, 6.18, 6.18 |
| Linux | Linux | d8f867fa0825fb3e358457566d7326d8aab2406a, d8f867fa0825fb3e358457566d7326d8aab2406a, d8f867fa0825fb3e358457566d7326d8aab2406a |
Timeline
- Jun 9, 2026 CVE Published
- Jun 10, 2026 Coalition ESS Score
- Jun 14, 2026 CVE Updated