The vulnerability resides in the Linux kernel’s llbitmap subsystem. A race condition exists where a barrier is raised only after calling the llbitmap_state_machine() function in both llbitmap_start_write() and llbitmap_start_discard(). If the state machine completes before the barrier is properly raised, concurrent modifications could occur, potentially corrupting llbitmap state or causing unintended behavior. Such a flaw could allow a local attacker to corrupt kernel data or trigger a denial‑of‑service scenario by taking advantage of the race between barrier enforcement and state transitions.

The affected vendor is Linux, specifically the Linux kernel. No specific version range is supplied in the CNA data, implying that recent kernels containing the commit that raises the barrier earlier are not vulnerable. Administrators should verify whether their kernel includes the patch corresponding to commit 9142f00a9287ca38152717e3e88a033a27774e7f or later stable releases.

The CVSS score is 5.5, EPSS not available, and the vulnerability is not listed in the CISA KEV catalog, so the quantitative risk assessment is limited. Nonetheless, as the flaw is inherent to kernel state management, it is a high‑potential risk for systems that can be targeted locally. An attacker with local or privileged access could trigger the race to corrupt mmapped data or force a kernel panic, resulting in partial or complete denial of service. The lack of external exploitation references suggests no publicly known exploit, but the underlying race condition remains a serious concern for kernel stability.