Impact
The vulnerability is a use‑after‑free flaw in the Linux rtlwifi PCI driver. When a device is removed or a probe fails, a tasklet that prepares beacon frames continues to run or remain pending. Because the tasklet accesses the ieee80211_hw structure after it has been freed, memory corruption can occur, allowing an attacker to execute arbitrary code in kernel context. The issue is a race condition (CWE‑825) involving premature freeing of shared data.
Affected Systems
All Linux kernel builds that include the rtlwifi driver before the tasklet_kill fix are affected. No specific exported version range is available; the issue exists in the driver code prior to the referenced patches and has no publicly listed CVE‑specific version numbers. Systems running kernels that ship the rtlwifi module without the update are vulnerable.
Risk and Exploitability
Based on the description, the likely attack vector is local or via interference with the Wi‑Fi hardware that forces a probe failure or driver unload. The EPSS score of 0.00164 indicates a very low exploitation probability and the vulnerability is not listed in the CISA KEV catalogue. The consequence of successful exploitation would be kernel privilege escalation, so the risk is high. However, as the flaw was discovered through static analysis and no active exploitation reports exist, the probability of exploitation remains uncertain.
OpenCVE Enrichment
Debian DLA