Impact
Wrong argument handling in the Linux DRM/msm driver caused non-_NO_SHARE buffer objects to be unbound from the virtual memory map without acquiring the necessary lock. This race condition can allow concurrent access to shared resources, potentially corrupting kernel memory or causing a crash. The vulnerability occurs during UNMAP operations and threatens the integrity of the kernel’s graphics memory management.
Affected Systems
All Linux kernel releases lacking the vm_bind unmap locking fix are affected; the flaw is limited to the DRM/msm driver stack, so any distribution shipping a kernel version without the patch is vulnerable.
Risk and Exploitability
The issue is a race condition that requires privileged kernel context and concurrent unbinding of buffer objects. The CVSS score of 7.8 indicates high severity, and the EPSS score < 1% indicates that exploit probability is low. It is not listed in CISA KEV. Remote exploitation is unlikely, but a local privileged actor or compromised process could induce data corruption or cause a denial-of-service within the kernel.
OpenCVE Enrichment