Impact
The vulnerability is a double-free in the Linux kernel’s TIPC module, specifically in tipc_buf_append(). During validation, tipc_msg_validate may reallocate a socket buffer; if the allocation fails, the error path frees the original buffer again, corrupting kernel memory and potentially causing a crash.
Affected Systems
It affects all Linux kernel builds lacking the commit that introduced the fix. All distributions that ship an unpatched kernel containing the vulnerable TIPC code are impacted, regardless of specific kernel version.
Risk and Exploitability
With a CVSS score of 9.8, the flaw is considered critical; however, the EPSS score of less than 1% indicates a very low current exploitation probability. The vulnerability is not present in the CISA KEV catalog. The likely attack vector involves sending a crafted TIPC packet that triggers tipc_msg_validate, leading to a double-free and kernel crash, although the precise exploitation conditions are inferred from the description.
OpenCVE Enrichment
Debian DLA