Impact
The defect lies in the Linux kernel’s s390 Customer I/O subsystem: the function that allocates subchannels initializes the device before setting DMA masks. If the subsequent DMA calls fail, the routine frees the subchannel structure with a direct kernel free, leaking the device reference held by the kernel’s device model. This mis‑management can cause a use‑after‑free or double‑free condition, potentially leading to memory corruption or a kernel panic. The weakness is identified as CWE‑401 (Memory Leak) and CWE‑911 (Double Free).
Affected Systems
All Linux kernels running on the s390 architecture that have not incorporated the posted commit are affected. The patch applies to every unfixed s390 release, regardless of vendor or distribution customizations.
Risk and Exploitability
With a CVSS score of 5.5 and an EPSS score of less than 1%, the vulnerability falls into the medium severity band and is considered unlikely to be widely exploited today. It is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker requires local or privileged rights to trigger the subchannel allocation routine; the likely attack vector is a local privilege escalation using the system’s s390 subchannel allocation interface. If the failure path is executed, the resulting memory corruption or panic could provide kernel‑level execution opportunities, but the risk remains constrained to environments where the compromised API is reachable.
OpenCVE Enrichment
Debian DLA
Ubuntu USN