Impact
In the Linux kernel, the dm_cache policy segment management queue (smq) lacked synchronization when invalidating cache blocks while in passthrough mode. When multiple workers invoke the invalidate_mapping operation concurrently, a data race may corrupt the allocated blocks counter or trigger a use‑after‑free of internal data structures. Because the kernel runs with privileged execution, such corruption can manifest as a kernel panic or provide a vector for arbitrary code execution at kernel level.
Affected Systems
All Linux kernel installations that employ the dm_cache device with the smq policy are potentially affected. Any distribution whose kernel version does not include the missing lock fix—version information is not specified in the advisory—could be at risk. This includes systems that enable passthrough mode on dm_cache devices for direct I/O.
Risk and Exploitability
The CVSS score of 7.8 indicates a moderate to high severity vulnerability, while the EP score of <1% suggests a very low but non‑zero likelihood of exploitation in the wild. The race condition and possible use‑after‑free can lead to kernel panic or privilege escalation, but the required race scenario (concurrent writes in passthrough mode) may limit the ease of exploitation. No public exploit is known and the vulnerability is not listed in the CISA KEV catalog, indicating that while the window for exploitation exists, it has not yet been widely abused.
OpenCVE Enrichment
Debian DLA