Impact
A race condition in the Linux kernel allows a concurrent RCU reader to access a socket storage element whose smap pointer has already been cleared, causing a null pointer dereference in bpf_sk. The resulting kernel fault leads to a general protection fault and a system crash, effectively denying service. The weakness is inadequate resource state handling (CWE‑825).
Affected Systems
All Linux kernel builds that include BPF socket storage support and that have not incorporated the NULL‑check fix. The necessary upstream commit was added to the mainline kernel; therefore any system running a kernel prior to that commit is affected.
Risk and Exploitability
The EPSS score of < 1 % indicates a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. A successful exploitation requires either local access or elevated privileges to load BPF programs that exercise the faulting code paths. Because the flaw leads to a kernel crash, the impact is high in terms of availability, but remote or unauthenticated exploitation is unlikely. Timing and race condition resolution are required, so the overall risk remains moderate to high for impacted installations.
OpenCVE Enrichment