Impact
The vulnerability stems from concurrent manipulation of the kernel list ‘mfd_of_node_list’ without adequate mutual exclusion, creating a race condition that can lead to kernel crashes. The attacker can trigger this defect by inducing concurrent accesses, which would compromise integrity and availability of the affected system. The weakness corresponds to poor synchronization in shared data structures, a classic scenario that can culminate in a denial‑of‑service state but does not provide code execution.
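The locking pattern behind the fix, shown as an added example that is not the kernel's own code: a userspace model in C where every list update is made under one mutex. The list, lock and function names are hypothetical stand-ins, and pthreads stand in for concurrent kernel paths.

```c
/* Userspace model of the locking pattern; all names are hypothetical. */
#include <pthread.h>

struct node { struct node *prev, *next; };

static struct node model_list = { &model_list, &model_list };
static pthread_mutex_t model_list_lock = PTHREAD_MUTEX_INITIALIZER;

/* Unlocked primitives: callers must hold model_list_lock. */
static void list_add_node(struct node *n) {
    n->next = model_list.next;
    n->prev = &model_list;
    model_list.next->prev = n;
    model_list.next = n;
}

static void list_del_node(struct node *n) {
    n->prev->next = n->next;
    n->next->prev = n->prev;
}

/* Each worker links and unlinks its own entry. Without the lock, two workers
 * can interleave these pointer updates and leave dangling list pointers. */
static void *worker(void *arg) {
    struct node n;
    for (long i = 0; i < (long)arg; i++) {
        pthread_mutex_lock(&model_list_lock);
        list_add_node(&n);
        pthread_mutex_unlock(&model_list_lock);
        pthread_mutex_lock(&model_list_lock);
        list_del_node(&n);
        pthread_mutex_unlock(&model_list_lock);
    }
    return NULL;
}

/* Runs up to 16 workers; returns entries left on the list (0 if consistent). */
int run_model(int nthreads, long iters) {
    pthread_t t[16];
    int count = 0;
    if (nthreads > 16) nthreads = 16;
    for (int i = 0; i < nthreads; i++)
        pthread_create(&t[i], NULL, worker, (void *)iters);
    for (int i = 0; i < nthreads; i++)
        pthread_join(t[i], NULL);
    for (struct node *p = model_list.next; p != &model_list; p = p->next)
        count++;
    return count;
}
```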
Affected Systems
All Linux kernel versions susceptible to this race condition are affected. The exact affected releases are not enumerated in the available data, but any distribution using a kernel built before the commit that added the mutex would be vulnerable.
Risk and Exploitability
The enterprise risk is high because a local or privileged attacker could force the kernel to crash, rendering the host unusable. No EPSS value is available, and the vulnerability is not listed in CISA’s KEV catalog. While the CVSS score is not supplied, the nature of the flaw (a kernel race leading to a catastrophic crash) implies a severity level typically in the 8–9 range. The typical attack vector is local privilege escalation or malicious use of a kernel module that accesses the multi-function device subsystem, though the exact prerequisites are not detailed in the description.
OpenCVE Enrichment