Impact
The vulnerability is a use‑after‑free in the hypervisor memory mapping routine of the Linux kernel. When an error occurs during user memory mapping, the code frees a memory region without first unregistering the MMU notifier. If user space later unmaps that memory, the notifier handler runs on the freed region and crashes the kernel. The immediate consequence is a system‑wide denial of service via a kernel panic. Use‑after‑free is a classic memory corruption weakness that can, in some contexts, also allow an attacker to manipulate kernel state, though no direct privilege‑escalation exploit is documented for this defect.
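A simplified userspace model of the error-path ordering described above, added here as an illustration: it is not kernel code or the upstream patch, and every name in it (`region_alloc`, `notifier_register`, `map_user_memory_fail` and the rest) is hypothetical. Freed memory is modelled with a `live` flag so the stale callback can be counted without touching freed memory.

```c
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not a kernel API. */
#define SLOTS 4
struct region { int live; };              /* live == 0 models freed memory */
static struct region pool[SLOTS];         /* stands in for the allocator */
static struct region *notifiers[SLOTS];   /* stands in for the notifier list */
static struct region *region_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!pool[i].live) { pool[i].live = 1; return &pool[i]; }
    return NULL;
}
static void notifier_register(struct region *r) {
    for (int i = 0; i < SLOTS; i++)
        if (!notifiers[i]) { notifiers[i] = r; return; }
}
static void notifier_unregister(struct region *r) {
    for (int i = 0; i < SLOTS; i++)
        if (notifiers[i] == r) notifiers[i] = NULL;
}
/* A mapping attempt that fails after the notifier was registered.
 * fixed == 0: the error path only frees (the defect described above).
 * fixed == 1: the error path unregisters the notifier, then frees. */
static void map_user_memory_fail(int fixed) {
    struct region *r = region_alloc();
    if (!r) return;
    notifier_register(r);
    /* ... a later mapping step fails here ... */
    if (fixed) notifier_unregister(r);
    r->live = 0;                          /* models freeing the region */
}
/* User space unmaps: count handlers that would run on a freed region. */
static int stale_callbacks_on_unmap(void) {
    int stale = 0;
    for (int i = 0; i < SLOTS; i++)
        if (notifiers[i] && !notifiers[i]->live) stale++;
    return stale;
}
static void reset(void) {
    for (int i = 0; i < SLOTS; i++) { pool[i].live = 0; notifiers[i] = NULL; }
}

int main(void) {
    reset(); map_user_memory_fail(0);
    printf("free only:            %d stale\n", stale_callbacks_on_unmap());
    reset(); map_user_memory_fail(1);
    printf("unregister then free: %d stale\n", stale_callbacks_on_unmap());
    return 0;
}
```

A non-zero count in the first case is the dangling registration; in the kernel, that callback dereferences the freed region.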
Affected Systems
The affected component is the Linux kernel itself; the vendor is Linux. No specific patch level ranges are disclosed in the advisory, but the patched commit is included in recent kernel releases. All users of the kernel must verify whether the kasan/mshv_map_user_memory path is present and whether the kernel has been updated to the fixed version.
Risk and Exploitability
The CVSS score is not provided, but the failure leads directly to a kernel crash, which is a severe impact. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector would require the attacker to invoke the hypervisor user memory mapping routine, which is typically a privileged operation. Exploitability is therefore considered moderate to low in a typical production system without a malicious hypervisor, yet the consequence of a single crash is high. The risk is heightened in environments where a hypervisor is exposed to untrusted code.