Impact
The Linux kernel contains a flaw in the IPVS load‑balanced service module. When a service’s scheduler is unbound, the svc->scheduler pointer is cleared only after RCU callbacks are scheduled. This timing gap can cause the scheduler structure to be freed while packets are still being processed, leading to a use‑after‑free bug. The resulting kernel memory corruption can trigger a crash or, if an attacker can control the freed memory, allow arbitrary code execution in kernel context. Additionally, the bug involves improper synchronization around the scheduler linkage, which can be classified as CWE-825.
Affected Systems
All Linux kernel versions that include the IPVS module and run the unpatched ip_vs_edit_service() path are potentially affected. The CVE does not specify affected kernel releases, so systems running a Linux kernel with IPVS enabled are at risk.
Risk and Exploitability
The CVSS score of 7.8 indicates a high severity impact. The EPSS score is < 1%, suggesting a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred to be remote network traffic to a vulnerable IPVS service. Exploitation requires network access to a host running the vulnerable IPVS service. The combination of a kernel service, modest exploitation probability, and high severity warrants a high‑risk assessment. An attacker could cause denial of service or elevate privileges on the host.
OpenCVE Enrichment
Debian DLA