Impact
The Linux kernel bug in the IPMI over SSIF subsystem creates an orphaned kernel thread when an error occurs between thread creation and interface initialization; the thread continues to run, consuming CPU time and memory until the error is fully handled, which can degrade system performance or exhaust resources. This constitutes a resource leak weakness identified as CWE‑772.
Affected Systems
All Linux kernel installations that include the legacy IPMI SSIF implementation are affected. The vendor is Linux and the product is the Linux kernel. No specific version numbers are supplied, but any kernel built from source before the commit that introduced the cleanup fix is vulnerable.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity. The EPSS score of <1% shows a very low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the likely attack vector is a local kernel error triggered by malformed firmware or misconfigured drivers that cause the SSIF thread to start before cleanup, requiring privileged local access or kernel compromise to activate. No remote exploitation path is indicated.
OpenCVE Enrichment
Debian DLA
Ubuntu USN