Impact
The vulnerability is a SOFTIRQ‑unsafe lock order that can cause a deadlock between tasklist_lock and other locks when send_sigio or send_sigurg are invoked from softirq context. A process group with FASYNC enabled can be forced into a self‑inflicted deadlock when an urgent TCP packet or an input event triggers signal delivery. The resulting deadlock stalls kernel progress, effectively bringing the system to a halt and allowing an attacker to cause a denial of service.
Affected Systems
All Linux kernel builds that include the tasklist_lock read_lock in send_sigio or send_sigurg and do not yet apply the patch that replaces it with rcu_read_lock. The affected vendors are the Linux kernel maintainers; no specific distribution version is listed in the supplied data.
Risk and Exploitability
The CVSS score of 7.5 classifies the vulnerability as high severity, and the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The potential for exploitation remains, however, because an attacker with the ability to influence TCP URG packets or trigger input events can provoke the deadlock. The vulnerability is not listed in the CISA KEV catalog, but the denial‑of‑service impact of a kernel deadlock would affect all processes on the affected host.
OpenCVE Enrichment
Debian DLA