Impact
A double‑free bug in the Linux kernel Intel Ethernet driver (ice) occurs when packet transmission errors free a socket buffer (skb) twice. The second free allows the kernel to corrupt memory that may have been reused, which can lead to a crash or other kernel instability. The weakness is a classic Use‑After‑Free scenario and represents a local denial of service.
Affected Systems
All Linux kernel builds that include the ice driver and lack the patch that resets the tx_buf type to ICE_TX_BUF_EMPTY. Because specific kernel versions are not enumerated, any system with a kernel before the commit referenced in the advisory is potentially vulnerable. This includes distributions such as Ubuntu, RHEL, Debian, Fedora, and any custom kernel that uses the ice driver.
Risk and Exploitability
The EPSS score is < 1% and the vulnerability is not listed in CISA’s KEV catalog, indicating no known active exploitation. The CVSS score of 7.8 indicates a high severity, but the potential for a kernel crash suggests a high impact if exploited. Based on the description, the attack vector is inferred to be local, requiring an attacker to trigger a transmission failure in the ice driver. No public exploit has been reported, so the risk for a remote attacker is low, while a locally privileged user poses a moderate to high risk.
OpenCVE Enrichment