Impact
The Linux kernel’s fbnic driver has a race condition between its mailbox handler and the teardown routine that can result in a use‑after‑free race. When a firmware log write occurs while the driver is being removed, the fw_log structure may be freed or set to NULL, and the handler may later dereference it. This could cause a kernel panic or process crash, leading to denial of service or instability. The flaw is identified as CWE‑364.
Affected Systems
Any Linux system running a kernel that includes the fbnic driver without the referenced commit is vulnerable. The vulnerability applies to the default kernel in all distributions that ship the standard Linux kernel, as the affected vendor list indicates Linux:Linux. No specific kernel versions are documented, so any kernel revision that has not yet incorporated the patch is at risk.
Risk and Exploitability
The CVSS score of 5.5 places the vulnerability in the moderate category. The EPSS score of less than 1% indicates a very low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation would require local kernel interaction with the fbnic driver, likely involving privileged or root access to trigger concurrent mailbox activity and removal. Because the flaw can lead to a kernel crash, the risk is primarily denial of service rather than privilege escalation, but it should be treated as a high‑priority patching issue for affected systems.
OpenCVE Enrichment