Impact
The bug occurs in the Linux kernel’s page allocation subsystem when a non‑maskable interrupt (NMI) context performs page allocation on a single‑processor (non‑SMP) kernel. Because the spinlock trylock becomes a no‑op on UP kernels, the function alloc_frozen_pages_nolock() can re‑enter the rmqueue routine and acquire a zone lock that is already held by the interrupted context, corrupting the free list structures. This race condition can overwrite free pages metadata, leading to arbitrary kernel memory corruption or a system crash. The vulnerability originates from improper lock handling (CWE‑853) and incorrect memory handling (CWE‑413).
Affected Systems
The issue is present in all Linux kernel releases that run without SMP (CONFIG_SMP disabled). No specific version range was supplied, so any kernel built for a single‑processor system that has not been patched to add an early NULL return in alloc_frozen_pages_nolock() when called from NMI context is affected.
Risk and Exploitability
The CVSS score of 5.5 indicates a medium severity vulnerability. The EPSS score is 0.00121, indicating a very low exploitation probability, and the vulnerability is not listed in CISA’s KEV catalog, so the likelihood and current exploitation data remain uncertain. An attacker would need to trigger a faulting NMI that invokes page allocation, which may require privileged access to load or reinject code. Nonetheless, because the bug causes memory corruption in kernel space, successful exploitation could lead to denial of service or privilege escalation if the attacker can construct a malicious page allocation scenario. The low EPSS score suggests minimal current exploitation activity, but the core nature of the bug still indicates a medium‑impact risk for affected systems.
OpenCVE Enrichment
Ubuntu USN