Impact
During PCI P2P DMA page mapping, a failure in vm_insert_page() causes the helper routine p2pmem_alloc_mmap() to skip a required release of a per-CPU reference count. The unreleased reference prevents the kernel from freeing memory mappings of the PCI device, so memunmap_pages() blocks indefinitely during device removal. The result is a system hang that disrupts availability but does not directly expose data or alter system state. This is a classic resource-leak scenario: a reference that is never released blocks clean de-allocation.
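The failure path described above, as an added user-space model (not the kernel's code and not taken from the fix commit). All model_* names and scenario_blocks() are hypothetical, a plain counter stands in for the per-CPU reference, and the model assumes the helper holds one reference for the allocation that it must drop on every exit path.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: a plain counter stands in for the per-CPU reference. */
struct model_ref { long count; };
static void model_ref_get(struct model_ref *r) { r->count++; }
static void model_ref_put(struct model_ref *r) { r->count--; }

/* Stand-in for the page insert: fails at page index fail_at (-1 = never). */
static int model_insert_page(int idx, int fail_at) { return idx == fail_at ? -1 : 0; }

/* Model of the mmap helper (assumption: one allocation reference is held on
 * entry). fixed=false reproduces the missing put on the failure path.
 * Returns the number of pages mapped, or -1 on failure. */
static int model_alloc_mmap(struct model_ref *r, int npages, int fail_at, bool fixed)
{
    model_ref_get(r);                 /* allocation reference */
    for (int i = 0; i < npages; i++) {
        if (model_insert_page(i, fail_at)) {
            if (fixed)
                model_ref_put(r);     /* the release the fix adds */
            return -1;                /* unfixed: count stays elevated */
        }
        model_ref_get(r);             /* one reference per mapped page */
    }
    model_ref_put(r);                 /* success path drops the allocation ref */
    return npages;
}

/* Unmapping drops the per-page references of pages that were inserted. */
static void model_unmap(struct model_ref *r, int mapped) { while (mapped-- > 0) model_ref_put(r); }

/* Device removal waits for the count to reach zero; nonzero means it hangs. */
static bool model_removal_blocks(const struct model_ref *r) { return r->count != 0; }

/* Runs one scenario end to end and reports whether removal would hang. */
static bool scenario_blocks(int npages, int fail_at, bool fixed)
{
    struct model_ref r = { 0 };
    int ret = model_alloc_mmap(&r, npages, fail_at, fixed);
    model_unmap(&r, ret >= 0 ? ret : fail_at); /* pages inserted before failure */
    return model_removal_blocks(&r);
}

int main(void)
{
    printf("ok=%d unfixed=%d fixed=%d\n", scenario_blocks(4, -1, false),
           scenario_blocks(4, 2, false), scenario_blocks(4, 2, true));
    return 0;
}
```

In the model, only the unfixed failure path leaves the counter above zero after unmapping, which is the condition under which the removal wait never completes.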
Affected Systems
The vulnerability affects all Linux kernel builds that use the p2pmem_alloc_mmap path for PCI P2P DMA and have not yet applied the commit adding the missing percpu_ref_put() call. The issue is independent of distribution or patch level and therefore impacts any kernel lacking the fix.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity. No public exploit or documented attacks are currently known, and the EPSS score is < 1%, indicating a very low exploitation probability. The defect does not enable remote code execution, but a local attacker with the ability to initiate PCI device removal could force a kernel deadlock. The likely attack vector is a user or privileged process that can trigger the removal of a PCI device, leading to the failure path. Because the failure path requires a specific kernel function to fail during page insertion, exploitation is unlikely unless additional vulnerabilities allowing arbitrary kernel writes exist. The KEV catalog does not list this CVE, so it is not known to have active exploitation in the wild.