Impact
An assertion in the Linux kernel's phonet networking driver causes a BUG_ON when the pn_socket_autobind() routine mistakenly interprets a failed bind as evidence that a socket has already been bound. When pn_socket_bind() returns –EINVAL for an unbound socket, pn_socket_autobind() fires the BUG_ON, leading to a kernel panic. The panic halts all system services, resulting in a denial of service for the affected host.
Affected Systems
Linux kernels that include the phonet driver and have not incorporated the commit that removed the BUG_ON are affected. All distributions running such kernels must identify whether their kernel version contains the fix. The patch is included in kernel releases following the change, so updating to a kernel that includes the commit resolves the issue. No specific version is listed in the data, so affected releases span all kernels prior to the fix.
Risk and Exploitability
The bug can be triggered by a user‑space process that creates a phonet socket and performs a sendmsg operation; the path is explicitly documented as user‑triggerable. The likely attack vector is a local process able to execute code in user mode, which could provoke a kernel panic and cause availability loss. The CVSS score is 5.5, the EPSS score is less than 1%, and the vulnerability is not listed in KEV; however the direct crash path indicates a high likelihood of denial of service if the attacker can reach the vulnerable code.
OpenCVE Enrichment