In the Linux kernel, the following vulnerability has been resolved:
mm/damon/core: disallow non-power of two minregionsz on damon_start()
Commit d8f867fa0825 ("mm/damon: add damonctx->minszregion") introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b ("mm/damon/core: disallow non-power of two minregionsz") fixed it, but only for damoncommitctx() use case. Still, DAMON sysfs interface can emit non-power of two minregionsz via damonstart(). Fix the path by adding the ispowerof2() check on damonstart().
The issue was discovered by sashiko [1].
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52905.json"
}