CVE-2026-23144 in Linux
Summary
by MITRE • 02/14/2026
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure
When a context DAMON sysfs directory setup is failed after setup of attrs/ directory, subdirectories of attrs/ directory are not cleaned up. As a result, DAMON sysfs interface is nearly broken until the system reboots, and the memory for the unremoved directory is leaked.
Cleanup the directories under such failures.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 03/18/2026
The vulnerability identified as CVE-2026-23144 resides within the Linux kernel's DAMON (Dynamic AMD Memory Overcommitment) subsystem, specifically within the memory management component mm/damon/sysfs. This issue represents a resource management failure that occurs during the initialization process of DAMON sysfs directories, demonstrating a classic case of improper cleanup following operational failures. The vulnerability manifests when the system attempts to establish a context DAMON sysfs directory structure but encounters a failure during the setup process after successfully creating the attrs/ subdirectory. This partial initialization creates a state where the system's memory management interface becomes partially corrupted and non-functional until complete system reboot occurs. The root cause lies in the failure to implement proper cleanup procedures for partially constructed directory hierarchies, leading to both resource leakage and interface corruption.
The technical flaw constitutes a memory management issue that directly violates the principle of resource cleanup and proper state management within kernel subsystems. When the context directory setup fails, the system creates the attrs/ directory but fails to properly remove it and its subdirectories upon encountering the subsequent failure in the setup process. This creates a persistent state where the DAMON sysfs interface remains in a broken condition, preventing proper memory management operations and consuming unnecessary memory resources. The vulnerability operates at the kernel level system call interface and affects the memory management subsystem's ability to properly initialize and maintain its sysfs interface. The issue falls under the category of improper cleanup and resource management, which is classified as CWE-459 in the Common Weakness Enumeration system, representing incomplete cleanup of resources.
The operational impact of this vulnerability extends beyond simple resource leakage, as it fundamentally breaks the DAMON subsystem's functionality within the Linux kernel. This disruption affects memory management operations that depend on DAMON's sysfs interface, potentially leading to degraded system performance and memory allocation issues. The partial cleanup failure creates a persistent state where the system cannot properly utilize memory management features until a complete reboot occurs, effectively creating a denial of service condition for memory management functions. The memory leak aspect compounds the problem by consuming additional system resources, which can lead to resource exhaustion under sustained conditions. This vulnerability directly impacts the reliability and stability of systems that depend on DAMON for memory management optimization and monitoring.
Mitigation strategies for CVE-2026-23144 require immediate kernel updates that implement proper cleanup procedures for the DAMON sysfs directory structure. The fix must ensure that when context directory setup fails after attrs/ directory creation, all associated subdirectories are properly removed to maintain system integrity. System administrators should monitor for kernel updates that address this specific vulnerability and apply patches promptly to prevent potential memory management disruptions. The solution involves implementing proper error handling and cleanup routines that follow the principle of "try to do everything, but clean up everything if anything fails" which aligns with the ATT&CK framework's system and information integrity concepts. Organizations should also consider implementing monitoring solutions that can detect unusual memory usage patterns or sysfs interface corruption that might indicate this vulnerability's exploitation. Regular system audits and vulnerability assessments should include checks for proper cleanup of kernel subsystems, particularly those involving dynamic directory creation and management operations.