The kernel enforces that only a single process may open the SELinux policy file at a time, and once opened it blocks all other processes from reading the policy. Any process with permission to perform the open can therefore prevent other processes from accessing policy information, disrupting security auditing and potentially other SELinux functions. The issue does not provide an avenue for code execution or data exfiltration, but it can be abused to compromise availability of critical security data.

All Linux kernel implementations are affected. There is no specific version list provided; any kernel that has not incorporated the change described in the referenced commits is vulnerable. The issue appears in the mainline repository and therefore applies to distributions that have not updated to a patched kernel.

The vulnerability is a local denial of service exploit. Strength and likelihood are not quantified in the CVSS metric, and the EPSS score is not available. It is not listed in the CISA KEV catalog. An attacker would need the ability to open /sys/fs/selinux/policy, which is typically restricted to processes with elevated privileges or those running with SELinux enforcement enabled. Once the file is opened, the process can block any other read attempts, effectively denying access to policy data for the duration of the open. Since the attack can be performed by a local user with sufficient permissions, the risk is primarily for environments where policy information must remain available to multiple processes.