Impact
The vulnerability arises from an RCU unsafe iterator in the dev_map_redirect_multi() function used by XDP packet handling. A missing acquire barrier allows a reader to dereference a node that a concurrent writer has only partially constructed on weakly‑ordered architectures such as ARM64 or POWER. This race can corrupt kernel data structures, potentially causing crashes or loss of data integrity. The flaw is a race condition (CWE‑821) and does not explicitly state that privilege escalation is achievable.
Affected Systems
All Linux kernel builds that include the dev_map_redirect_multi() routine in the DEVMAP_HASH branch and run on ARM64 or POWER architectures are affected while the vulnerability remains unpatched. The exact version range is not enumerated, so any kernel that contains the described code before the patch is potentially vulnerable, regardless of distribution or patch level.
Risk and Exploitability
The CVSS score of 7.8 denotes high severity. The EPSS score of less than 1% and absence from the CISA KEV catalog indicate that no active exploitation has been documented. Based on the description, it is inferred that an attacker would need local control over XDP programs or the ability to craft packets to trigger the race, making the attack surface limited to environments where XDP is in use.
OpenCVE Enrichment
Debian DLA