Impact
A race condition exists in the Device Mapper cache policy in the Linux kernel, where an allocation check for a cache entry is performed outside the mutex that protects the deletion of that entry. If two invalidators run concurrently, they can both observe the entry as allocated, proceed to delete it, and free it again. This can corrupt the SMQ queues or hash tables, and may trigger use‑after‑free errors. The resulting kernel memory corruption can cause system crashes, kernel panics, or potentially allow an attacker to hijack privileged execution paths, thereby compromising confidentiality, integrity, or availability of the system.
Affected Systems
All Linux kernel releases that implement the Device Mapper cache with the SMQ queue are affected. The vulnerability affects any kernel that does not contain commit 2d1f7b65f5de or later. As the affected component is part of the core kernel, the impact spans all architectures that include the Device Mapper cache.
Risk and Exploitability
With a CVSS score of 7.8 and an EPSS of less than 1%, the vulnerability is considered high severity but the probability of exploitation remains low. The race condition requires two concurrent cache invalidations which could be triggered by multi‑threaded workloads or by administrative access to device‑mapper mappings. Because it is a local kernel race, an attacker must have local access or be able to run privileged code that exercises the Device Mapper cache. The vulnerability is not listed in the CISA KEV catalog, indicating no confirmed public exploits as of the latest data.
OpenCVE Enrichment