Impact
The vulnerability arises when the Linux kernel finalizes an XFRM network namespace by freeing the policy_bydst hash tables immediately after flushing policy work items, without waiting for concurrent RCU readers to exit their read‑side critical sections. Because these tables are published via rcu_assign_pointer and accessed through rcu_dereference_check, the premature release can trigger a use‑after‑free scenario. An attacker could potentially exploit this race to crash the kernel or manipulate privileged data, leading to denial of service or escalation of privileges within the affected system.
Affected Systems
The flaw is present in all versions of the Linux kernel that have not applied the patch that adds a synchronize_rcu() call before freeing the policy hash tables. No specific version range is listed; affected releases include any kernel built before the commit referenced in the advisory (e.g., 069daad4f2ae9c5c108131995529d5f02392c446).
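The teardown ordering described above, as an added example that is neither kernel code nor taken from the advisory: a deterministic, single-threaded userspace model in which one reader holds a table pointer while teardown runs, once without and once with a wait for readers. The names `table`, `model` and `run_interleaving` are hypothetical, and the wait is modelled by deferring the release until the last reader exits, whereas synchronize_rcu() blocks the teardown thread itself.

```c
#include <stdbool.h>
#include <stdio.h>

struct table { bool freed; };          /* stands in for one policy_bydst table */

struct model {
    struct table *tbl;                 /* pointer readers fetch (rcu_dereference) */
    int readers;                       /* readers inside a read-side section */
    struct table *pending_free;        /* table waiting for the grace period */
};

struct outcome { bool stale_access; bool freed_at_end; };

static struct table *reader_enter(struct model *m)  /* rcu_read_lock + deref */
{
    m->readers++;
    return m->tbl;
}

static void reader_exit(struct model *m)            /* rcu_read_unlock */
{
    if (--m->readers == 0 && m->pending_free) {     /* grace period ends here */
        m->pending_free->freed = true;
        m->pending_free = NULL;
    }
}

/* Teardown. Without the wait the table is released at once; with it, the
 * release is held back until every reader that was inside has left. */
static void teardown(struct model *m, bool wait_for_readers)
{
    if (wait_for_readers && m->readers > 0)
        m->pending_free = m->tbl;
    else
        m->tbl->freed = true;                       /* models the free */
}

/* Interleaving: reader enters, teardown runs, reader then uses its pointer. */
struct outcome run_interleaving(bool wait_for_readers)
{
    struct table t = { false };
    struct model m = { &t, 0, NULL };
    struct table *seen = reader_enter(&m);
    teardown(&m, wait_for_readers);
    struct outcome o = { seen->freed, false };      /* true = use-after-free */
    reader_exit(&m);
    o.freed_at_end = t.freed;
    return o;
}

int main(void)
{
    printf("no wait: stale access = %d\n", run_interleaving(false).stale_access);
    printf("wait:    stale access = %d\n", run_interleaving(true).stale_access);
    return 0;
}
```

The `freed` flag replaces a real free() so the stale access can be observed without undefined behaviour.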
Risk and Exploitability
No CVSS score is provided and no EPSS score is available. The issue is not currently listed in the CISA KEV catalog, indicating that no widespread exploitation has been reported. Exploitation requires the ability to trigger a network‑namespace teardown while other contexts retain RCU references to the policy tables, which may limit the attack surface. Nevertheless, the potential for a kernel crash or privilege elevation warrants prompt action if the affected kernel version is in use.