Impact
The vulnerability in the Linux kernel arises when a DMA buffer can share a cacheline with a mutex, causing a race condition between DMA operations and kernel synchronization. Because a DMA controller can read or write to the buffer simultaneously with mutex access, this can result in inconsistent or corrupted kernel data structures if exploited. The weakness is identified as CWE‑821, representing an improper isolation of shared buffers leading to data corruption.
Affected Systems
Any Linux kernel build that incorporates the hwmon powerz driver and does not apply the patch to avoid cacheline sharing between DMA buffers and mutexes is potentially affected. Since the CVE does not list explicit kernel versions, all releases prior to the inclusion of the fix in the source tree are at risk.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity, and the EPSS score of <1% reflects a low probability of exploitation in the wild. The flaw would likely require privileged access or a malicious DMA controller to manipulate the kernel buffer concurrently with mutex activity. No public exploit is known and the vulnerability is not listed in CISA KEV, but the potential for memory corruption warrants prompt remediation.
OpenCVE Enrichment
Ubuntu USN