Impact
A race condition occurs in the Linux kernel between an af_unix socket connect and a BPF sockmap update. The bug allows the socket to be marked as established before its peer is set, causing a null pointer dereference in unix_stream_bpf_update_proto(). The result is a kernel panic that takes the system down, presenting a medium‑severity denial of service. The weakness is classified as a race condition (CWE‑367). Based on the description, it is inferred that an attacker would need the ability to load or attach BPF programs that perform sockmap updates, implying a local‑privileged attack vector.
Affected Systems
The flaw exists in any Linux kernel release that does not contain the patch introduced by commit 041eb6348d73ee5e15fc8161f1eac5a6e8289ca0. Because the affected code path is part of the core socket implementation, all distributions running an unpatched kernel are potentially impacted; no specific kernel version list is supplied in the data, which is explicitly acknowledged.
Risk and Exploitability
The CVSS score of 7.0 indicates a medium severity, but the EPSS score of less than 1% suggests that the likelihood of exploitation is low. The vulnerability is not listed in the CISA KEV catalog, further indicating limited real‑world exploitation. Exposing a kernel crash requires a local context that can load or attach BPF programs capable of performing sockmap updates; based on the description, it is inferred that a local‑privileged attacker is required. To trigger the crash, an attacker would need to orchestrate a race between a socket connect and a BPF sockmap update, which, while technically feasible, has low probability of success under normal conditions.
OpenCVE Enrichment
Debian DLA