Impact
The flaw is a use-after-free in the Linux kernel's AMD XDNA accelerator driver (accel/amdxdna). If jobs run on a hardware context while that context is releasing its resources, memory that a job still uses can be freed, causing the kernel to crash. The driver now stops job scheduling before releasing resources and checks whether the context is still active after the release. This defect does not permit arbitrary code execution; its primary effect is to destabilize the system by triggering a kernel panic and preventing services from operating normally.
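The ordering the fix relies on, as an added example rather than the driver's own code: a single-threaded user-space model in which every name (`hw_ctx`, `job_run`, `sched_stop`, `release_resources`, `sched_start`) is hypothetical. It shows why both parts are needed: the paused scheduler keeps jobs out while memory is freed, and the active check rejects jobs that arrive after scheduling restarts.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical user-space model; none of these names come from the driver. */
struct hw_ctx {
    bool sched_stopped; /* true while the release path has paused scheduling */
    bool active;        /* false once the context's resources are released */
    int *res;           /* stands in for memory a running job dereferences */
};

static int ctx_init(struct hw_ctx *c)
{
    c->sched_stopped = false;
    c->res = calloc(1, sizeof(*c->res));
    c->active = (c->res != NULL);
    return c->active ? 0 : -ENOMEM;
}

/* Job entry point: 0 if the job ran, negative errno if it was refused. */
static int job_run(struct hw_ctx *c, int payload)
{
    if (c->sched_stopped)
        return -EAGAIN;   /* scheduling paused: no new job may start */
    if (!c->active)
        return -ENODEV;   /* context already released: never touch c->res */
    *c->res += payload;   /* safe: resources are known to be live */
    return 0;
}

static void sched_stop(struct hw_ctx *c)  { c->sched_stopped = true; }
static void sched_start(struct hw_ctx *c) { c->sched_stopped = false; }
static void release_resources(struct hw_ctx *c)
{
    free(c->res);
    c->res = NULL;
    c->active = false;    /* lets job_run() reject late jobs after restart */
}

int main(void)
{
    struct hw_ctx c;
    if (ctx_init(&c)) return 1;
    job_run(&c, 5);
    sched_stop(&c);         /* 1. no new jobs may start */
    release_resources(&c);  /* 2. free while scheduling is paused */
    sched_start(&c);        /* 3. restart; late jobs now see !active */
    return job_run(&c, 1) == -ENODEV ? 0 : 1;
}
```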
Affected Systems
Any Linux kernel that contains the unpatched accel/amdxdna code is vulnerable. Because no specific kernel version is listed, all distributions running an older kernel that has not incorporated the fix in the cited commit are affected. The issue exists in the generic Linux:Linux family, so all mainstream distributions using a kernel built from the upstream source tree are at risk until they update to a kernel that includes the patch.
Risk and Exploitability
The EPSS score is not publicly available and the vulnerability is not in the CISA KEV catalog, indicating no known exploit activity. The CVSS score is omitted from the data, so the formal severity is unknown. The vector likely requires local or elevated privileges to submit jobs to the accelerator; an attacker must be able to schedule work on the hardware context to trigger the use-after-free. In environments where the accelerator is used, the risk is moderate to high because a crash can disrupt service on a critical system component, but the lack of remote or privilege-escalation vectors limits the damage to local hosts.
OpenCVE Enrichment