Impact
The flaw originates when the final portion of a memory segment can extend beyond its allocated page and overlap the next page reserved for the early kernel stack. This misalignment allows overwriting page table entries that control memory mappings, potentially leading to a kernel crash or unpredictable system behavior. The bug is an out-of-bounds write and also involves an incorrect calculation of buffer size (CWE-131). The description indicates a risk of system instability, which in the worst case can result in a denial of service. No explicit privilege escalation or data disclosure is reported in the provided details.
Affected Systems
The vulnerability affects Linux kernels running on ARM64 architectures. Any kernel prior to the commit that reserves an extra page for early mapping may be susceptible, regardless of the distribution or firmware version. Specific affected releases are not enumerated, so all kernels compiled with early initialization mapping before the patch should be considered at risk.
Risk and Exploitability
CVSS score is not disclosed, the EPSS score is <1%, indicating a very low likelihood of exploitation, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. No active exploitation has been documented. The flaw involves kernel memory, implying a local attack vector. Based on these metrics the overall risk is low, primarily associated with accidental crashes in development or testing, not a serious security breach.
OpenCVE Enrichment