PatchSiren

CVE-2026-46121 Linux CVE debrief

A use-after-free vulnerability in the Linux kernel's DAMON (Data Access MONitor) sysfs interface could allow local attackers to trigger memory corruption. The flaw is in mm/damon/sysfs-schemes.c, where concurrent reads and writes of the 'memcg_path' file can race, causing readers to access freed memory. It stems from insufficient locking around user-driven direct reads and writes of damon_sysfs_scheme_filter->memcg_path, which a write deallocates without synchronizing against readers. kernfs provides open-file locking, but that only serializes operations on a single open file; a reader and a writer that each open the file separately bypass this protection. The fix takes damon_sysfs_lock around both user-direct reads and writes to prevent the race condition.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Linux system administrators running kernels with DAMON enabled; security teams tracking kernel memory management vulnerabilities; organizations with multi-user Linux environments where untrusted local access is possible

Technical summary

The DAMON (Data Access MONitor) subsystem in the Linux kernel provides a sysfs interface for memory monitoring schemes. The memcg_path parameter in damon_sysfs_scheme_filter can be read and written by users through sysfs files. Parameter-committing reads are protected by damon_sysfs_lock, but user-driven direct reads and writes were not synchronized. When a write frees the memcg_path buffer while a concurrent read (via a separate file descriptor) accesses it, a use-after-free occurs. The vulnerability affects the mm/damon/sysfs-schemes.c component. The fix extends damon_sysfs_lock coverage to protect both user-direct reads and writes of the memcg_path and path files.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from stable branches when available for your distribution
  • Monitor vendor security advisories for kernel updates addressing CVE-2026-46121
  • Restrict untrusted local access to DAMON sysfs interfaces as interim mitigation
  • If building custom kernels, verify that the kernel source includes the fix that takes damon_sysfs_lock around user-direct reads and writes of memcg_path
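
One way to check the interim mitigation above is to audit who can reach the memcg_path and path files. This is an added example, not part of the advisory or the kernel tree; it assumes the upstream DAMON sysfs location /sys/kernel/mm/damon and GNU find and stat, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the advisory): audit access to the DAMON sysfs files
# named in CVE-2026-46121 (memcg_path and path).
# Assumption: DAMON sysfs lives at /sys/kernel/mm/damon, the upstream location.
DAMON_ROOT="${DAMON_ROOT:-/sys/kernel/mm/damon}"

# damon_exposed_files ROOT [TRUSTED_UID]
# Lists "<octal mode> <owner> <file>" for each memcg_path/path file under ROOT
# that is not owned by TRUSTED_UID (default 0) or has any group/other bit set.
damon_exposed_files() {
    root="$1"
    uid="${2:-0}"
    [ -d "$root" ] || return 0
    find "$root" -type f \( -name memcg_path -o -name path \) \
        \( ! -uid "$uid" -o -perm /077 \) \
        -exec stat -c '%a %U %n' {} +
}

# damon_audit ROOT [TRUSTED_UID]
# Exit status: 0 = interface absent or files restricted, 1 = exposed files found.
damon_audit() {
    root="$1"
    uid="${2:-0}"
    if [ ! -d "$root" ]; then
        echo "DAMON sysfs not present at $root (CONFIG_DAMON_SYSFS off or not mounted)"
        return 0
    fi
    exposed="$(damon_exposed_files "$root" "$uid")"
    if [ -n "$exposed" ]; then
        echo "Files reachable beyond uid $uid:"
        echo "$exposed"
        return 1
    fi
    echo "All memcg_path/path files under $root are restricted to uid $uid"
    return 0
}

# Run the audit only when the script is invoked with the argument "run".
if [ "${1:-}" = "run" ]; then
    damon_audit "$DAMON_ROOT"
fi
```

The audit only reports file ownership and mode; accounts that already hold root, or that can reach root inside a container sharing the host's sysfs, are outside what it measures.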

Evidence notes

The vulnerability description confirms a use-after-free in DAMON sysfs memcg_path handling. The patch series explicitly addresses the race condition between reads and writes. The multiple stable kernel commits provided indicate backporting to affected versions.

Official resources

2026-05-28