Impact
The Linux kernel’s PSP network driver contains a race condition that allows a device to be unregistered while an association is being created. The code obtains a reference to a device, releases the reference, and then takes a lock that should prevent the device from being removed. If the device is unregistered between the reference release and lock acquisition, the driver may later operate on a freed object, resulting in memory corruption or a kernel panic. This scenario maps to CWE-367 (Race Condition).
Affected Systems
All Linux kernel releases that include the PSP network driver and lack the defensive check added in the recent commit. Explicit version numbers are not listed in the advisory; any kernel code path that runs the buggy psp_assoc_device_get_locked routine is potentially vulnerable until the patch is applied.
Risk and Exploitability
The EPSS score is reported as < 1%, indicating a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. No public exploits are documented in the advisory, and exploitation would likely require a crafted packet sequence or local privileged access to trigger the race condition. While the potential impact is severe, the overall risk remains uncertain due to the low likelihood of successful exploitation.
OpenCVE Enrichment