The cpumask_of_node() routine in the LoongArch architecture of the Linux kernel fails to validate the NUMA_NO_NODE index, a legitimate value used by the kernel to denote an uninitialized NUMA node. When this unchecked value is passed, the function can access memory outside the intended range, potentially leading to kernel corruption or a panic that results in a system-wide crash. The weakness is rooted in an improper bounds check on a memory buffer, which can directly affect system availability and stability.

All Linux kernel installations that run on LoongArch processors and were built with a kernel version prior to the application of the fix. The bug applies to both kernel source tree variants listed under Linux:Linux, but no specific sub‑version information is available in the data set.

The CVSS score of 7.8 indicates a high severity flaw that can cause a kernel crash if exploited. The EPSS score of <1% suggests the chance of exploitation in the wild is low, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires manipulation of internal kernel data structures, meaning an attacker would need local privileged access or influence over the kernel’s use of cpumask_of_node(). If successfully executed, the impact is a complete system crash. Given the severity and the local execution prerequisite, the most likely attack scenario is a local privileged exploitation that directly manipulates kernel memory or CPU mask functions.