Impact
The vulnerability arises in the Linux kernel’s memory‑control group subsystem when the function get_random_u32_below() is invoked during a non‑re‑entrant NMI context, corrupting the ChaCha entropy state and potentially resulting in kernel memory corruption. This flaw is present in the victim selection logic for refill_stock, where a random pick can be unsafe. The resulting memory corruption can lead to a kernel panic, denial of service, or, if the attacker can trigger the corruption, privilege escalation.
Affected Systems
All Linux kernel builds that have not incorporated the recent patch replacing get_random_u32_below() with a per‑CPU round‑robin counter are affected. The fix appears in the mainline kernel, and any distribution still using an older kernel version is vulnerable. The issue resides in kernel memory control group code and does not affect user‑space applications directly.
Risk and Exploitability
The EPSS score of <1% indicates a very low probability of exploitation, and the CVE is not listed in CISA KEV, suggesting no publicly known exploits. Based on the description, it is inferred that the likely attack vector involves inducing a hardware NMI while the kernel is updating the ChaCha entropy state—a scenario unlikely without physical or advanced firmware access. However, if exploited, the kernel memory corruption that ensues could lead to system crashes or, in a forced scenario, privilege escalation. The CVSS score of 7.8 denotes high severity.
OpenCVE Enrichment