Impact
The vulnerability arises in the Linux kernel BPF subsystem when the bpf_fd_array_map_clear function fails to yield the CPU during a loop that clears entries from a PROG_ARRAY map. The loop repeatedly calls a resource‑intensive routine and, without a call to cond_resched(), can cause the RCU subsystem to stall under heavy load. When RCU stalls, callbacks and workqueue items are delayed, which can make the system unresponsive and effectively result in a denial‑of classified as CWE‑820, indicating improper restriction of operations in a critical subsystem.
Affected Systems
The flaw affects all Linux kernel releases that contain the bpf_fd_array_map_clear function before the patch commit 4406942e65ca128c56c67443832988873c21d2e9 is applied. Kernels older than or equal to 6.14.0-13195-g967e8def1100 are known to be vulnerable, and the advisory references list the precise commit series that add the missing cond_resched().
Risk and Exploitability
The CVSS score is 5.5, indicating moderate severity, while the EPSS score of < 1% shows that the is not listed in CISA’s KEV catalog. The description and logs suggest that the attack vector requires control over large BPF PROG_ARRAY maps, typically inherited by privileged users or applications that expose BPF functionality to untrusted code. Since the vulnerability is triggered by clearing many entries under load, the risk is moderate rather than high, but the potential impact of an RCU stall justifies prompt remediation. (The inferred attack vector is outlined because it is not explicitly stated in the official description.)
OpenCVE Enrichment