CVE-2026-46020

medium Red Hat
Published: May 27, 2026 (44 days ago)
Last Modified: May 27, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in the Linux kernel's DAMON (Data Access MONitor) core. A privileged local user can exploit this vulnerability by providing an invalid node ID to `damos_quota_goal->nid` for `node_mem_{used,free}_bp` via the DAMON user-space tool. This improper validation can lead to an out-of-bounds memory access, potentially causing a kernel NULL pointer dereference and system instability.

CWE

CWE-1285

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References