Impact
A race condition exists in the Linux kernel where the __driver_attach() function calls a bus match() callback without holding the device lock. This race allows reading the driver_override field without proper synchronization, causing a Use‑After‑Free (CWE‑416) situation that can destabilize the kernel or enable privilege escalation. The vulnerability directly targets the s390 architecture’s CIO subsystem and manifests when a driver is probed during system or module initialization.
Affected Systems
Linux kernel operating systems with the s390 architecture are affected. However, the advisory does not list specific kernel release numbers; it is therefore unknown which particular releases contain the vulnerability. All kernels that include the s390 CIO subsystem before the fix may be impacted until the patch is applied.
Risk and Exploitability
The CVSS score is 5.5, and the EPSS score is < 1%, so the exact likelihood of exploitation is very low but non‑zero. The vulnerability is not listed in the CISA KEV catalog. The lack of specific version information makes it difficult to determine the exact scope of affected releases. However, because it involves a race condition that can lead to a use‑after‑free during driver probing, a local attacker with the ability to influence driver loading can potentially replay the race condition to destabilize the system or exploit kernel memory, making the risk significant for privileged users or environments with loaded drivers.
OpenCVE Enrichment