Impact
In the Linux kernel, the smc_msg_event tracepoint unconditionally dereferences smc->conn‑D sockets. When a first sendmsg() or recvmsg() is performed on an SMC‑D socket with the tracepoint enabled, a general protection fault occurs, leading to a kernel crash. The fault results from a null‑pointer dereference.
Affected Systems
All Linux kernel installations that have not incorporated the fix to guard against NULL dereference in smc_msg_event. The vulnerability resides in the core kernel source and applies to all distributions that ship a kernel prior to the patch.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity, while the EPSS score (< 1%) reflects a very low likelihood of exploitation. The vulnerability is not listed in CISA KEV. Enabling the tracepoint requires root privileges; however, once enabled, any local user can trigger the crash by sending messages on an SMC‑D socket. This latter scenario is inferred from the description: the trigger code is unprivileged, but depends on the tracepoint having been activated by an administrator. Consequently the practical attacker model consists of local users on a system with the tracepoint pre‑enabled, resulting in a denial of service via kernel crash.
OpenCVE Enrichment
Debian DLA