Impact
During driver probing the fsl‑mc bus executes its match callback without holding the device lock, causing the driver_override field to be accessed unsafely. This race can lead to a use‑after‑free condition. If exploited, an attacker could corrupt kernel memory and potentially execute arbitrary code with kernel privileges. The weakness is a classic use‑after‑free vulnerability and also involves improper resource management (CWE‑413).
Affected Systems
All Linux kernel installations that include the fsl‑mc driver and have not been updated to the patched version. No specific kernel version ranges are listed in the advisory, so any kernel exposing this code path is potentially affected until a fix is applied.
Risk and Exploitability
The EPSS score indicates a very low exploitation probability (<1%), and the vulnerability is not listed in the CISA KEV catalog, indicating no published exploitation activity at the time of this analysis. The attack vector is likely to require local privilege or the ability to influence driver loading, as the flaw occurs during kernel driver attachment. The CVSS score of 5.5 indicates moderate severity, but the EPSS probability remains low, making the actual risk uncertain.
OpenCVE Enrichment