Impact
A race can arise during futex wait‑requeue‑PI and requeue‑PI when a task leaves early due to a signal or timeout while another higher‑priority task holds the futex. The leaving task cannot remove itself from the wait queue because it cannot acquire the required hold‑bucket lock; it blocks, and the other task busy‑loops trying to requeue, resulting in a live‑lock that stalls system progress. The impact is a denial of service at the kernel level, preventing all tasks from continuing and potentially freezing the system. The weakness is a concurrency race involving improper lock handling.
Affected Systems
Affected product: Linux kernel. The vendor is Linux, and the product is the kernel as a whole. Specific affected kernel versions are not listed in the provided data, so any kernel build that includes the unfixed futex implementation before the commit that fixes the issue may be vulnerable.
Risk and Exploitability
The CVSS score of 5.5 indicates a medium severity impact. The EPSS score of <1% suggests the probability of exploitation is low. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the most likely attack vector is local kernel exploitation, requiring the attacker to trigger a futex requeue while a higher‑priority task holds the lock. Because the flaw can cause a livelock that stalls system progress, the potential impact remains a denial of service at the kernel level. The conditions for this exploit are non‑trivial, as they involve higher‑priority tasks and race conditions, so it is unlikely to be widely abused but should still be mitigated promptly.
OpenCVE Enrichment
Debian DLA