Impact
The vulnerability is a double free in the Linux kernel’s RDMA/pvrdma driver, triggered when pvrdma_uar_free() is called twice on the same context. This double free, identified as CWE-1341 and CWE-415, can corrupt kernel memory, potentially causing a kernel panic or creating a vector for privilege escalation if the freed memory is reused maliciously. The description does not list a specific exploitation chain, but kernel memory corruption can lead to system instability or arbitrary code execution when combined with other weaknesses. The likely attack vector, inferred from the description and typical RDMA exposure, is that an attacker capable of inducing the error path (for example through specially crafted RDMA traffic or by exploiting a local privileged process) could trigger the double free.
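The shape of this bug class, as an added example that is not the pvrdma driver's code: a userland C model in which an error path releases a per-context resource and then calls a teardown routine that releases it again, next to a version where teardown is the only release site. All names (res, ctx, ctx_setup_buggy, ctx_setup_fixed, releases_after) and the failing setup step are hypothetical; releases are counted rather than performed, so the repeated release is observable without corrupting memory.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins; these are not the pvrdma driver's structures. */
struct res { bool held; int releases; };
struct ctx { struct res r; };

static void res_acquire(struct res *r) { r->held = true; r->releases = 0; }
/* Counts calls instead of freeing, so a repeated release is visible. */
static void res_release(struct res *r) { r->held = false; r->releases++; }
/* Common teardown: releases everything the context owns. */
static void ctx_teardown(struct ctx *c) { res_release(&c->r); }

/* Vulnerable shape: the error path releases, then teardown releases again. */
static int ctx_setup_buggy(struct ctx *c, bool step_fails)
{
    res_acquire(&c->r);
    if (step_fails) {            /* assumed: a later setup step fails */
        res_release(&c->r);
        ctx_teardown(c);
        return -1;
    }
    return 0;
}

/* Corrected shape: teardown is the only release site on the error path. */
static int ctx_setup_fixed(struct ctx *c, bool step_fails)
{
    res_acquire(&c->r);
    if (step_fails) {
        ctx_teardown(c);
        return -1;
    }
    return 0;
}

/* Runs one setup variant and reports how many releases it performed. */
static int releases_after(int (*setup)(struct ctx *, bool), bool step_fails)
{
    struct ctx c;
    setup(&c, step_fails);
    return c.r.releases;
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", releases_after(ctx_setup_buggy, true),
           releases_after(ctx_setup_fixed, true));
    return 0;
}
```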
Affected Systems
All Linux kernel versions before the inclusion of the fix commit are affected. The flaw resides in the Linux kernel's RDMA/pvrdma driver, which is part of the standard kernel distribution.
Risk and Exploitability
The double free is a kernel-level memory corruption issue. An attacker who can trigger the error path, most likely through crafted RDMA traffic or via a local privileged user (inferred), could cause a denial of service by crashing the kernel. While the current description does not provide a detailed exploit chain, double frees can be leveraged for privilege escalation if coupled with other vulnerabilities. The EPSS score is < 1%, the CVSS score is 7.8, and the vulnerability is not listed in CISA KEV, so the likelihood of spontaneous exploitation in the wild is unclear, but a kernel crash remains a significant risk once an attacker reaches the affected code path.