Impact
The vulnerability is a race condition in the Linux kernel’s reuseport BPF program handling. When a BPF filter on a UDP socket that uses SO_REUSEPORT is replaced while another thread is sending traffic, the kernel may free the old cBPF program before the RCU grace period has completed. This triggers a use‑after‑free (CWE‑364) that corrupts kernel memory. A local attacker who can control the BPF programs can cause arbitrary memory corruption, potentially enabling privilege escalation or denial of service.
Affected Systems
All Linux kernel releases that expose reuseport BPF programs and have not yet incorporated the patch that defers freeing until after an RCU grace period are affected. No specific version range is provided in the advisory; users should verify whether the relevant commit is present in their kernel tree.
Risk and Exploitability
The CVSS score is 7.8, indicating high severity. The EPSS score is less than 1 %, reflecting a very low probability of exploitation at this time. The flaw is not listed in the CISA KEV catalog. Exploitation requires local access with the ability to configure reuseport BPF programs on a UDP socket and manipulate traffic during the reaction window. No public exploits are known, but the potential for kernel memory corruption makes mitigation a priority.
OpenCVE Enrichment
Debian DLA
Debian DSA