Impact
A race condition exists in the Linux kernel’s mlx5e network driver, which manages IPSec offload (ASO) operations. The driver uses a single shared context for all ASO processes per physical function. Because the ASO spinlock is released before the hardware finishes processing the associated Work Queue Element, an immediate subsequent operation can overwrite the DMA‑mapped context. When the first operation finally completes, it reads this corrupted context, leading to incorrect results and unpredictable kernel behavior. The underlying weakness is a race condition between resource release and use (CWE‑821).
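The ordering problem described above, as an added example that is not the driver's code or the upstream patch: a single-threaded, deterministic model in which operation A posts its work queue element and operation B follows before the device completes A. All names and values here (struct aso, hw_result, racy_query, serialized_query) are constructed, and the hardened ordering (hold the lock across completion and copy the context to a private buffer before unlocking) is an assumption about how such a window is closed, not a description of the applied fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not driver code: one context shared by all operations. */
struct aso {
    bool     locked;     /* stands in for the ASO spinlock */
    uint32_t ctx;        /* stands in for the single DMA-mapped context */
    uint32_t wqe[4];     /* posted work queue elements (object ids) */
    int      head, tail;
};

static uint32_t hw_result(uint32_t id) { return 0xE5000000u | id; } /* made-up value */
static bool aso_trylock(struct aso *a) { if (a->locked) return false; a->locked = true; return true; }
static void aso_unlock(struct aso *a) { a->locked = false; }
static void aso_post(struct aso *a, uint32_t id) { a->wqe[a->tail++] = id; }

/* Device side: complete posted WQEs in order; each result lands in the same ctx. */
static void hw_drain(struct aso *a) {
    while (a->head < a->tail)
        a->ctx = hw_result(a->wqe[a->head++]);
}

/* Ordering from the advisory: A drops the lock before its WQE completes. */
uint32_t racy_query(uint32_t id_a, uint32_t id_b) {
    struct aso a = {0};
    aso_trylock(&a); aso_post(&a, id_a); aso_unlock(&a);   /* A: released too early */
    if (aso_trylock(&a)) { aso_post(&a, id_b); aso_unlock(&a); } /* B slips in */
    hw_drain(&a);
    return a.ctx;                       /* A reads the context: it holds B's result */
}

/* Assumed hardening: hold the lock across completion and copy out before unlock. */
uint32_t serialized_query(uint32_t id_a, uint32_t id_b) {
    struct aso a = {0};
    uint32_t out_a;
    aso_trylock(&a); aso_post(&a, id_a);
    bool b_blocked = !aso_trylock(&a);  /* B is refused while A is in flight */
    hw_drain(&a);
    out_a = a.ctx;                      /* private copy taken under the lock */
    aso_unlock(&a);
    if (b_blocked && aso_trylock(&a)) { aso_post(&a, id_b); hw_drain(&a); aso_unlock(&a); }
    return out_a;                       /* A's own result, whatever B does afterwards */
}

int main(void) {
    printf("racy:       A reads %#x\n", (unsigned)racy_query(1, 2));
    printf("serialized: A reads %#x\n", (unsigned)serialized_query(1, 2));
    return 0;
}
```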
Affected Systems
The vulnerability affects Linux kernels that include the mlx5e driver with IPSec offload support. Any distribution or custom kernel that loads this driver prior to the applied fix is susceptible. Specific affected kernel versions are not enumerated in the available data, so all kernels using the unpatched mlx5e implementation should be considered at risk.
Risk and Exploitability
The CVSS score of 7.0 indicates high severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, further indicating limited real‑world exploitation. Exploitation would likely require racing remotely triggered IPSec offload transactions or privileged network traffic to produce concurrent access; this is inferred from the description. If exploited, the attacker could cause kernel data corruption, potentially leading to privilege escalation or denial of service. The current impact is limited to improper driver behavior but could evolve into a broader system compromise if memory corruption occurs.