Impact
The vulnerability arises from incorrect size calculation in the slub allocator's krealloc path. During a shrink operation or NUMA migration, the code copies data using an to a buffer overflow. The overflow can overwrite adjacent memory or trigger a data loss in NUMA migration, potentially compromising kernel memory integrity and enabling privilege escalation.
Affected Systems
Linux kernel, any version without commit 2cd8231796b5 that introduces the temporary reallocation logic. All architectures that use the slub allocator are impacted.
Risk and Exploitability
The CVSS score is 5.5, the EPSS score is < 1%, and the vulnerability is not listed in KEV. Nevertheless, the buffer overflow can allow arbitrary code execution in kernel mode under suitable conditions. Attackers could trigger the flaw via crafted kernel allocations, such as by invoking krealloc_node_align with incompatible size or alignment, leading to memory corruption. Given the kernel context and lack of mitigation by default, the risk is considered high for systems exposing vulnerable allocations.
OpenCVE Enrichment
Ubuntu USN