Impact
The flaw stems from a race condition in the Linux kernel’s memory controller: a dying memory cgroup clears its xarray entry before reparenting its per‑node lists. A concurrent list deletion can traverse a partially detached list, corrupting next/prev pointers, which could trigger a kernel crash. It is inferred that, if an attacker could trigger the conflicting operations, this could lead to privilege escalation, although the description does not state this explicitly.
Affected Systems
Any system running a Linux kernel prior to the commit that reverses the order of list reparenting and xarray clearing is affected. Commercial and community distributions that ship kernels older than this change remain vulnerable until upgraded.
Risk and Exploitability
The bug requires coexistence of concurrent kernel‑space operations and is not visible through normal user‑level interfaces, suggesting that remote exploitation would be difficult; this is inferred. The EPSS score is <1% and the CVSS score is 7.8, and the vulnerability is not listed in CISA KEV, indicating no documented widespread exploitation. Nevertheless, the potential for kernel crashes or, as inferred, privilege elevation warrants prompt action.
OpenCVE Enrichment