Impact
A use‑after‑free flaw exists in kernel functions that gather information about offloaded BPF maps or programs. When the network namespace is being torn down, the kernel may increment a reference count on a zeroed object, triggering a memory fault. Based on the description, it is inferred that an attacker could trigger the vulnerable code path while the namespace is being destroyed, potentially leading to a kernel panic or arbitrary code execution, which could manifest as denial‑of‑service or privilege escalation.
Affected Systems
All Linux kernel distributions that shipped a kernel version prior to the application of the fix referenced in the advisory. The vendor list indicates that every deployment using the generic Linux kernel is vulnerable until the fix is applied.
Risk and Exploitability
The CVSS score of 7.0 indicates high severity, while the EPSS score of <1% suggests a low probability of exploitation at present. The vulnerability is not listed in CISA KEV. Based on the description, it is inferred that exploitation would likely require local or privileged access, enabling an attacker to inject a BPF program that queries information about offloaded maps or programs during a network namespace teardown. There is no publicly documented workaround, so the only effective defense is applying the fixed kernel.
OpenCVE Enrichment