Impact
A race condition in the Linux vdpa driver allows the bus match callback to read the driver_override field without holding the device lock. This unsynchronized access can trigger a use‑after‑free, corrupting kernel memory and potentially enabling an attacker to execute arbitrary code with kernel privileges.
Affected Systems
All Linux kernel builds that contain the vdpa driver and have not applied the patch that redirects driver_override accesses to the driver‑core infrastructure. No specific kernel release numbers are provided; affected systems remain vulnerable until the patch from commit 654ef9c33e… is incorporated.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low but non‑zero exploitation probability. KEV has not listed this vulnerability, so there is no public catalog of known exploits. A kernel‑level use‑after‑free of this nature can permit local privilege escalation if an attacker can influence device probing or memory layout, so systems lacking the fix are considered at moderate risk until the kernel is updated.
OpenCVE Enrichment