Impact
A race condition in the Linux kernel traffic‑control subsystem permits a use‑after‑free bug when a filter action is created and deleted concurrently. The flaw arises because the action's memory is freed immediately after removal, while a second CPU may still hold a stale reference. This can corrupt kernel memory and potentially lead to a crash or privilege escalation, representing a typical use‑after‑free vulnerability (CWE‑364).
Affected Systems
The flaw resides in the generic traffic‑control (tc) core code of the Linux kernel. All kernel releases that ship with the tc subsystem and have not incorporated the RCU‑deferral patch are vulnerable. This includes kernels used by most Linux distributions unless they have applied the downstream patch from commit d7fb60b9.
Risk and Exploitability
The CVSS base score is 7.8 and the EPSS indicates a very low public exploitation probability (<1 %). The vulnerability is not listed in the CISA KEV catalog, so no confirmed exploitation has been observed. The attack requires the ability to add or delete traffic‑control filters, meaning the attacker must have local or privileged access. The resulting kernel memory corruption could cause a system crash or, if an attacker can trigger privileged code execution, compromise system integrity. Overall, the risk level is moderate for environments that use tc filtering.
OpenCVE Enrichment
Debian DLA