Impact
In the Linux kernel, a flaw in the PowerPC architecture’s page table fragmentation logic causes a bad page state error during the release of page table fragments. When a process exits and the kernel frees a folio that still has its active flag set, the kernel can incorrectly call the page‑table destructor, leading to a page fault and an oops. The bug can result in a kernel crash, which may allow a local attacker to cause a denial of service.
Affected Systems
The vulnerability affects Linux kernels that run on PowerPC CPUs, including IBM pSeries and Power10 emulated environments, as well as production systems with 64K page size handling. The example log shows a 6.18.0‑rc3 kernel. No specific versions were listed in the CVE data, so any kernel that has not yet been patched with the “mm: free retracted page table by RCU” series is potentially vulnerable.
Risk and Exploitability
The CVSS score of 5.5 indicates medium severity, and the EPSS score of <1% suggests a low likelihood of exploitation in the wild. The vulnerability is not present in CISA’s KEV catalog. The bug requires a local process that exits while holding page table fragments, so the attack vector is limited to locally privileged users or those who can run arbitrary code on the machine. Exploiting the flaw would cause a kernel crash, which can be leveraged for denial of service.
OpenCVE Enrichment