Impact
The vulnerability arises when a 32‑bit unsigned integer for region_count overflows while calculating the size of bitset buffers in the device‑mapper log subsystem, an instance of CWE-190. The overflow causes heap allocations that are far smaller than needed, allowing writes beyond the allocated memory and leading to a kernel panic. The crash manifests as a scheduling fault in core_in_sync, forcing a system reboot.
Affected Systems
Any Linux system running a kernel that contains the original dm_log implementation prior to the fix. The issue is identified in the Linux kernel’s device‑mapper target handling and affects all distributions that ship an un‑vulnerable dm_log code.
Risk and Exploitability
The defect permits an out‑of‑bounds write that can destabilize the kernel, effectively triggering a denial of service. Exploitation requires the ability to create a bespoke device‑mapper table. Based on the description, it is inferred that creating device‑ sufficient privileges, but the CVE description does not explicitly state the exact privilege level. The EPSS score is less than 1%, indicating a very low probability of exploitation, and the vulnerability is not listed in the C CVSS score of 7.0 indicates high severity, and the impact of a kernel crash and the ease of constructing a triggering table suggest a high severity risk for affected hosts.
OpenCVE Enrichment
Debian DLA