Impact
The MediaTek mtk_eth_soc Ethernet driver in the Linux kernel contains a use‑after‑free flaw where a metadata object is released with kfree() instead of through the RCU‑safe reference‑counting path. While other network buffers hold non‑refcounted pointers to the same object, a use‑after‑free can occur. This defect allows an attacker to provoke kernel memory corruption or a crash by sending crafted packets to the affected interface.
Affected Systems
All Linux kernel builds that include the MediaTek mtk_eth_soc driver prior to the commit replacing metadata_dst_free() with dst_release(). No specific version numbers are listed, so any kernel containing the legacy implementation is impacted.
Risk and Exploitability
The CVSS score of 9.8 indicates a very high severity vulnerability. An EPSS score of < 1% indicates an extremely low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote network traffic sent to the _eth_soc, with no local privilege escalation required beyond NIC access. Despite the low exploitation probability, the high CVSS rating means the potential impact is severe if an exploit is found, so the overall risk should be considered high rather than moderate.
OpenCVE Enrichment