Impact
The vulnerability involves a use-after-free in the Linux kernel PCI device driver function testdrv_probe(). A reference to the OpenFirmware device node_platform_default_populate(). This flaw can corrupt memory, potentially allowing an attacker to corrupt kernel data structures, crash the system, or execute arbitrary code with kernel privileges.
Affected Systems
The affected product is the Linux kernel. No specific version range is provided in the advisory; the fix was applied in kernel commits starting with 07fd339b2c253205794bea5d9b4b7548a4546c56 and later. Linux, as the vendor, is the only identified product.
Risk and Exploitability
Exploitability is quantified with an EPSS score of < 1% and a CV vulnerability is not listed in the CISA KEV catalogue. Use-after-free flaws are generally high severity when an attacker can load the vulnerable driver or otherwise influence its execution. Based on the description, it is inferred that an attacker would need local or elevated access to load the driver, after which the freed reference could lead to memory corruption or denial of service. The likely attack path is to trigger the driver via a device that uses testdrv, unless mitigated by disabling the driver or updating the kernel.
OpenCVE Enrichment
Ubuntu USN