The Linux kernel's mailbox subsystem contains a flaw where a receiving channel can be aliased to a transmitting channel that uses a different memory‑mapped I/O region. When such a reused channel is released, the code mistakenly frees the same memory twice. This double‑free corrupts the memory allocator’s internal structures and can lead to a crash or denial of service. Based on the description, it is inferred that the resulting memory corruption could enable arbitrary code execution if an attacker can trigger the mailbox‑test code path.

All Linux kernel builds that include the mailbox‑test component and lack the recent patch are affected. The vendor is Linux; the product is the Linux kernel. No specific version range is provided, so use the commit information to determine whether your kernel contains the bug and apply the fix if it does not.

The CVSS score is not supplied and EPSS information is unavailable, so the precise exploitation probability cannot be quantified. The vulnerability is not listed in CISA's KEV catalog. Because a double‑free is a severe memory corruption flaw, exploitation would require an attacker to influence the mailbox subsystem in a way that releases a reused channel. Based on the description, it is inferred that achieving such a condition would likely be limited to local or privileged contexts. No public exploit is known at this time, but the potential impact remains high if the flaw is realized by an attacker.