
CVE-2024-57886 was discovered in the Linux kernel, specifically affecting the DAMON (Data Access MONitor) core component. The vulnerability was disclosed on January 15, 2025, and involves memory leaks in the damon_commit_targets() function. The issue affects only DAMON sysfs interface users, while other DAMON core API user modules like DAMON_RECLAIM and DAMON_LRU_SORT are not impacted (NVD).
The vulnerability stems from two bugs in the damon_commit_targets() and damon_commit_schemes() functions, which are called from damon_commit_ctx(). When new DAMON targets are added via damon_commit_targets(), the newly created targets are not deallocated if updating the internal data (damon_commit_target()) fails. Additionally, even when the setup succeeds, the new target is not linked to the context, so the target objects are leaked whether or not the internal data setup fails (Kernel Commit).
The vulnerability results in memory leaks when using the DAMON sysfs interface. These leaks occur consistently when new DAMON targets are added, potentially leading to system memory resource exhaustion over time (NVD).
The issue has been fixed through a patch that properly deallocates new target objects when damon_commit_target() fails and ensures proper linking of new targets to the context. The fix was implemented in the Linux kernel through commit 8debfc5b1aa569d3d2ac836af2553da037611c61 (Kernel Commit).
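The leak pattern and its fix, as an added example that is not the kernel's code: a simplified userspace model in which every type and function name is hypothetical and a counter tracks objects that are allocated but not yet freed. It compares the two behaviours described above across one successful and one failing target setup.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified userspace model of the leak pattern; all names are hypothetical. */
struct target { struct target *next; };
struct ctx { struct target *targets; };
static int live_targets; /* objects allocated and not yet freed */

static struct target *new_target(void) {
    struct target *t = calloc(1, sizeof(*t));
    if (t) live_targets++;
    return t;
}
static void free_target(struct target *t) { free(t); live_targets--; }

/* Stand-in for the per-target internal data update, which can fail. */
static int commit_target(struct target *t, int fail) { (void)t; return fail ? -1 : 0; }

/* Leaky pattern: not freed when the update fails, not linked when it succeeds. */
static int add_target_leaky(struct ctx *c, int fail) {
    struct target *t = new_target();
    (void)c;
    return t ? commit_target(t, fail) : -1;
}

/* Fixed pattern: free on failure, link to the context on success. */
static int add_target_fixed(struct ctx *c, int fail) {
    struct target *t = new_target();
    if (!t) return -1;
    if (commit_target(t, fail)) { free_target(t); return -1; }
    t->next = c->targets;
    c->targets = t;
    return 0;
}

/* Add two targets, tear the context down, return how many objects leaked. */
static int leaked_after(int (*add)(struct ctx *, int)) {
    struct ctx c = { NULL };
    live_targets = 0;
    add(&c, 0); /* internal data setup succeeds */
    add(&c, 1); /* internal data setup fails */
    while (c.targets) { struct target *t = c.targets; c.targets = t->next; free_target(t); }
    return live_targets;
}

int main(void) {
    printf("leaky: %d leaked, fixed: %d leaked\n", leaked_after(add_target_leaky), leaked_after(add_target_fixed));
    return 0;
}
```

In the leaky variant the context teardown cannot reach either object because neither was ever linked, which is why the leak occurs on every added target rather than only on the failure path.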
Source: This report was generated using AI