Impact
The vulnerability stems from error‑handling paths within the kernel’s nvmem subsystem that call __nvmem_device_put(), a routine that frees the underlying memory and resources. After the free, the kernel continues to reference the released nvmem structure, creating a classic use‑after‑free condition that can corrupt kernel memory if malicious data is written into the freed region. If an attacker can trigger this flaw—typically in the nvmem subsystem—the resulting memory corruption could lead to arbitrary code execution or privilege escalation.
Affected Systems
All Linux kernel releases that include the unpatched nvmem core code are affected. The vulnerability is present in any distribution or custom kernel that compiles the nvmem subsystem without the patch referenced in the advisory; no specific vendor or version.
Risk and Exploitability
The CVSS score of 5.5 indicates medium severity, and the EPSS score of <1% suggests exploitation is unlikely, though not impossible. The flaw is not listed in the CISA KEV catalog, and no public exploits are known. However, if an attacker can trigger the error path—by forcing an error in the nvmem kernel memory and potentially achieve privilege escalation or arbitrary code execution. The likelihood of exploitation remains low, but the potential impact warrants prompt remediation.
OpenCVE Enrichment