CVE-2026-52905

Source
https://cve.org/CVERecord?id=CVE-2026-52905
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-52905.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-52905
Downstream
Related
Published
2026-06-09T12:36:02.516Z
Modified
2026-06-18T03:54:21.398130941Z
Summary
mm/damon/core: disallow non-power of two min_region_sz on damon_start()
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/core: disallow non-power of two minregionsz on damon_start()

Commit d8f867fa0825 ("mm/damon: add damonctx->minszregion") introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b ("mm/damon/core: disallow non-power of two minregionsz") fixed it, but only for damoncommitctx() use case. Still, DAMON sysfs interface can emit non-power of two minregionsz via damonstart(). Fix the path by adding the ispowerof2() check on damonstart().

The issue was discovered by sashiko [1].

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52905.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d8f867fa0825fb3e358457566d7326d8aab2406a
Fixed
1de2db19a6028abe7d905875922faef5b873de67
Fixed
89b6226b6c2a4add3939f361653a47c212d6ab75
Fixed
95093e5cb4c5b50a5b1a4b79f2942b62744bd66a

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-52905.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.18.0
Fixed
6.18.30
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-52905.json"