Impact
An attacker who can present hardware that does not match the kernel's expectations can trigger a flaw in the Linux perf subsystem's ARM Common Memory (CMN) path. The legacy code assumed upper bounds on array sizes and on the number of features, so if a newer or larger CMN node is presented, a buffer overflow can occur. This memory corruption could lead to loss of confidentiality, integrity, or availability of the kernel. The impact is limited to environments where the kernel parses device trees for CMN nodes, so the likely attack vector is local: the fault manifests during boot or when the kernel queries hardware. The consequence is either denial of service through a kernel panic or potential local privilege escalation if the overflow is exploitable.
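The failure mode described above, as an added C sketch that is not the kernel's arm-cmn code: a fixed-size array filled from a platform-reported count, shown once in the legacy form and once with the count validated first. All names (`MAX_NODES`, `hw_desc`, `pmu_state`, both functions), the sample data, and the choice of `-EINVAL` are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_NODES 8 /* hypothetical fixed bound the legacy logic trusted */

struct hw_desc {                 /* constructed stand-in for discovered hardware */
    size_t num_nodes;            /* count reported by the platform */
    const uint16_t *node_ids;
};

struct pmu_state {
    uint16_t nodes[MAX_NODES];
    size_t count;
};

/* Constructed sample inputs: one within the bound, one larger than expected. */
static const uint16_t ids_small[4] = {1, 2, 3, 4};
static const uint16_t ids_large[12] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
const struct hw_desc hw_small = {4, ids_small};
const struct hw_desc hw_large = {12, ids_large};

/* Legacy pattern (shown for contrast, never called here): the reported count
 * drives the loop, so 12 nodes write 4 entries past the end of nodes[]. */
void discover_unchecked(struct pmu_state *st, const struct hw_desc *hw)
{
    for (size_t i = 0; i < hw->num_nodes; i++)
        st->nodes[i] = hw->node_ids[i];
    st->count = hw->num_nodes;
}

/* Hardened pattern: reject unexpected hardware before touching the array. */
int discover_checked(struct pmu_state *st, const struct hw_desc *hw)
{
    if (hw->num_nodes > MAX_NODES)
        return -EINVAL;          /* fail the probe, state left untouched */
    for (size_t i = 0; i < hw->num_nodes; i++)
        st->nodes[i] = hw->node_ids[i];
    st->count = hw->num_nodes;
    return 0;
}

int main(void)
{
    struct pmu_state st = {0};
    printf("small: %d\n", discover_checked(&st, &hw_small));
    printf("large: %d\n", discover_checked(&st, &hw_large));
    return 0;
}
```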
Affected Systems
Affected are Linux kernels that include the perf/arm-cmn module and have not yet applied the fix. All releases before the patch commit referenced in the kernel documentation are potential targets. Because the bug operates in early boot when the kernel parses device trees, any system that boots a kernel with that legacy code, regardless of distribution, is potentially exposed. Kernels on the ARM architecture that still ship older CMN handling logic should be updated.
Risk and Exploitability
No CVSS score is provided, EPSS is unavailable, and the flaw is not listed in the CISA KEV catalog, indicating no publicly known exploitation campaigns. Nevertheless, the vulnerability can lead to kernel panic or privilege elevation, so it presents a moderate to high risk for environments where hardware configuration changes or unknown CMN nodes are possible. Exploitation requires local access or control over the hardware configuration presented to the kernel, and the likely attack vector is local manipulation of the device tree during boot or plug-in events.