Impact
In the Open vSwitch implementation within the Linux kernel, the allocation of a reply socket buffer can occur before or after acquiring the ovs_mutex lock. If the buffer allocation fails after the set to an ERR_PTR value. Cleanup code, however, assumes the pointer was allocated and attempts to free it after unlocking, leading to an invalid free and possible corruption of kernel memory. This flaw could trigger a corruption or provide an escalation path for privileged attackers. The description does not specify the exact attack vector; based on the affected component, it is inferred that exploitation would require privileged access to the Open vSwitch kernel module.
Affected Systems
The flaw affects the Linux kernel’s Open vSwitch module. No specific kernel version range is provided, so all kernels that include the unpatched Open vSwitch code are potentially vulnerable. The vendor identifiers list only “Linux:Linux” reflects the generic Linux kernel.
Risk and Exploitability
The CVSS score is 5.5, indicating moderate severity. The EPSS score is less than 1%, suggesting a low likelihood of exploitation in the general population, and the vulnerability is not listed in CISA’s KEV catalog. The flaw involves an invalid free in kernel space, which can lead to kernel crashes or denial of service. Exfiltration or other exploitation would require privileged access to the Open vSwitch module and a failure during packet allocation, making it non‑trivial but possible in a suitable environment.
OpenCVE Enrichment
Debian DLA