CVE-2025-40229
Description
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/core: fix potential memory leak by cleaning ops_filter in damon_destroy_scheme
Currently, damon_destroy_scheme() only cleans up the filter list but leaves ops_filter untouched, which could lead to memory leaks when a scheme is destroyed.
This patch ensures both filter and ops_filter are properly freed in damon_destroy_scheme(), preventing potential memory leaks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory leak in Linux kernel's DAMON subsystem due to missing ops_filter cleanup in damon_destroy_scheme, fixed by proper deallocation.
The Linux kernel's DAMON (Data Access Monitoring) subsystem provides a function damon_destroy_scheme() to destroy a monitoring scheme. The function correctly freed the scheme's filter list but did not free the ops_filter field, leaving it allocated and causing a potential memory leak when the scheme is destroyed [1].
This vulnerability can be triggered by any local user capable of creating and destroying DAMON schemes, which typically requires the CAP_SYS_ADMIN capability or similar privileges. By repeatedly allocating and destroying schemes, an attacker can cause kernel memory exhaustion, leading to a denial-of-service condition.
The impact is limited to resource exhaustion; no privilege escalation or information disclosure has been associated with this issue. The memory leak can degrade system performance and eventually cause instability.
The Linux kernel developers have addressed the issue by ensuring that both filter and ops_filter are properly freed in damon_destroy_scheme(). The fix has been backported to stable kernels as seen in commits [1] and [2]. Users are advised to update to the latest kernel versions to mitigate this vulnerability.
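The cleanup gap and its fix, as an added userspace model (not kernel code and not taken from the patch). Every type and helper name is hypothetical; only the roles of the filter and ops_filter lists follow the description above, and the list sizes and round count are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model with hypothetical names: a scheme that owns two filter lists. */
struct model_filter { struct model_filter *next; };
struct model_scheme { struct model_filter *filters, *ops_filters; };
/* Fixed pool instead of malloc, so the demo leaks nothing in its own process. */
static union { struct model_filter f; struct model_scheme s; } pool[1024];
static size_t pool_used, live_objs; /* slots handed out; objects not yet freed */
static void *model_alloc(void) {
    if (pool_used == sizeof(pool) / sizeof(pool[0])) abort();
    live_objs++;
    return &pool[pool_used++];
}
static void model_free(void *p) { if (p) live_objs--; }
static struct model_filter *make_list(int n) {
    struct model_filter *head = NULL, *f;
    for (; n > 0; n--) { f = model_alloc(); f->next = head; head = f; }
    return head;
}
static void free_list(struct model_filter *f) {
    while (f) { struct model_filter *next = f->next; model_free(f); f = next; }
}
static struct model_scheme *new_scheme(int nr_filters, int nr_ops_filters) {
    struct model_scheme *s = model_alloc();
    s->filters = make_list(nr_filters);
    s->ops_filters = make_list(nr_ops_filters);
    return s;
}
/* Before the fix: only the filter list is released. */
static void destroy_scheme_before(struct model_scheme *s) {
    free_list(s->filters);
    model_free(s); /* ops_filters entries are now unreachable */
}
/* After the fix: both lists are released, then the scheme. */
static void destroy_scheme_after(struct model_scheme *s) {
    free_list(s->filters);
    free_list(s->ops_filters);
    model_free(s);
}
/* Create and destroy `rounds` schemes; return the objects left behind. */
static size_t leaked_after(int rounds, void (*destroy)(struct model_scheme *)) {
    pool_used = 0; live_objs = 0;
    while (rounds-- > 0) destroy(new_scheme(2, 3));
    return live_objs;
}
int main(void) {
    printf("leaked objects, before fix: %zu\n", leaked_after(100, destroy_scheme_before));
    printf("leaked objects, after fix:  %zu\n", leaked_after(100, destroy_scheme_after));
    return 0;
}
```

The leak grows linearly with the number of create/destroy cycles, which is why a cleanup omission of this kind matters for long-running systems.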
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 2
ff8dcf621a41
7071537159be
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 2
News mentions: 0
No linked articles in our index yet.