Impact
During TLB synchronization the kernel traverses and modifies the page table without holding the required lock, introducing a race condition that may lead to incorrect page table entries. The weakness is identified as lack of proper synchronization (CWE‑414). It could cause unpredictable behavior in kernel memory handling, but the CVE does not confirm any specific corruption or exploitation.
Affected Systems
All Linux kernel releases built from source that include the TLB synchronization code before commit 102331b66bcaf1f41f50b9c4cd5c36e46bafa9f3 are potentially affected. Any distribution shipping such kernels remains vulnerable until the patch is applied or the kernel is upgraded.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity. EPSS shows a likelihood of exploitation below 1 %, and the vulnerability is not listed in the CISA KEV catalog. Exploiting the condition would require concurrent TLB sync operations, implying that an attacker needs local kernel access to orchestrate a race. No public exploits or proof‑of‑concepts have been disclosed. The attack vector is therefore inferred as local and dependent on a vulnerable kernel running on an SMP or multi‑threaded system.
OpenCVE Enrichment