Impact
The flaw lies in zram_bvec_write_partial(): when an asynchronous write frees a page while a simultaneous read may still be writing into that page, a use‑after‑free occurs. This leads to can cause crashes or other kernel‑level memory corruption symptoms. The weakness is captured by CWE-364 (Race Condition).
Affected Systems
The vulnerability affects all Linux kernel installations that have not yet incorporated the fix commit 0c2821665ff71be3f4b07ecece384669f2877f6a. No specific version list is supplied; however, more recent kernel releases include this commit. Linux kernel devices that use zram for memory compression and management are subject to the flaw.
Risk and Exploitability
The CVSS score of 7.8 indicates a high severity. The EPSS score is less than 1%, and the vulnerability is not listed in CISA’s KEV catalog, making the likelihood of exploitation low under normal circumstances. The attack vector is inferred to be a local user with the ability to perform zram operations; no remote exploitation path is documented in the CVE data. Even though the risk remains theoretical without a demonstrated exploit, the impact of kernel memory corruption could lead to denial of service or potential privilege escalation if adversaries can trigger the race condition.
OpenCVE Enrichment