Impact
A race condition in the Linux device driver core allows the bus match() callback to be called during driver attachment without holding the device lock. This exposes the driver_override field trigger a use-after-free. The resulting kernel memory corruption could lead to a crash or, if an attacker can manipulate memory contents, to arbitrary code execution with kernel privileges. Based on the description, it is inferred that this race condition can trigger a use‑after‑free scenario that may lead to kernel memory corruption and potential privilege escalation.
Affected Systems
All Linux kernel releases that have not incorporated the kernel commit which replaces the direct driver_override access with the driver-core infrastructure. The fix is applied broadly across the Linux vendor; no specific version range is provided.
Risk and Exploitability
The CVSS score is not published, but the EPSS score is less than 1%, indicating a very low exploitation probability. Because the vulnerability relies on a timing race during bus probing, it is most likely exploitable only from a local context that can control device probing. Based on the description, it is inferred that exploitation would likely require local access to manage device probing. The vulnerability is not listed in the CISA KEV catalog.
OpenCVE Enrichment