Impact
A race between two concurrent madvise(MADV_HWPOISON) calls on the same hugetlb page and a concurrent unmap operation can cause a recursive spinlock self‑deadlock on hugetlb_lock. The deadlock occurs when the hugetlb_lock is already held by the get_huge_page_for_hwpoison wrapper while a folio_put() path attempts to re‑acquire the same non‑recursive lock. This flaw leads to a kernel hang and can disrupt system availability but does not provide a path for code execution or secrecy compromise. The weakness is a race‑condition leading to deadlock (CWE‑833).
Affected Systems
All releases of the Linux kernel that contain the pre‑fix code path are affected; the CPE indicates the entire Linux kernel with no specific version range. Therefore any embedded or distribution kernel that has not yet been updated to the commit that moves the hugetlb_lock acquisition into get_huge_page_for_hwpoison is vulnerable.
Risk and Exploitability
The CVSS score is 5.5 and the EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector requires privileged kernel access: an attacker must be able to invoke madvise(MADV_HWPOISON) and unmap operations, implying root or equivalent privilege. When exploited, the flaw can cause a kernel lockup that stalls the system, affecting availability; it does not provide a direct route to remote code execution or data exfiltration. The low EPSS score suggests that public exploitation is unlikely, but the impact on availability remains significant for affected hosts.
OpenCVE Enrichment
Debian DLA