Impact
The Linux kernel suffered a livelock in the timers/migration routine tmigr_handle_remote_up(); when the CPU equals smp_processor_id(), the code mistakenly skips calling timer_expire_remote() under the assumption that the local softirq path has already processed timers. In reality, jiffies may advance between the handling of the local wheel and the remote migration check the local wheel has moved forward is incorrectly ignored and never executed, while fetch_next_timer_interrupt_remote() continues to report it as expired and keeps re‑queuing it with the current time, causing an infinite spin loop and fully consuming CPU resources for that core. This loss of available CPU time results in a denial of service to all other kernel activity on the affected core; the attack is inferred to be triggered when a timer expires after the local wheel has advanced, a condition that can arise naturally in typical workloads, and is therefore likely to occur in systems that have not been patched.
Affected Systems
All Linux kernel releases that include the timers/migration code without the fix are affected; the patch is present in kernel commits starting with 07b3b83587fb and later. This issue applies to any distribution that ships the unmodified kernel from before those commits, so custom builds, older releases, or kernels that have not been updated to incorporate the referenced changes are at risk.
Risk and Exploitability
The CVSS score of 7.5 indicates a high availability impact, and the EPSS score of < 1% indicates that public exploitation opportunities are expected to be rare. The vulnerability is not listed in the CISA only wheel has advanced—an event that can be induced by standard system activity—the occurrence probability remains low but the impact, when triggered, is severe. Exploitation would therefore rely on delivery.
OpenCVE Enrichment