Impact
A missing cleanup of channel objects in the Linux mailbox subsystem on a failed probe leaves freed channel resources while the client structure is still allocated by a devm routine. This defect creates a classic use‑after‑free condition that can result in kernel memory corruption and provides an attacker with the potential to corrupt sensitive data or exploit the kernel for privilege escalation. The weakness corresponds to CWE‑825 (Channel Leak).
Affected Systems
All Linux kernels that compile the mailbox-test module of the mailbox subsystem are affected. No specific kernel releases are enumerated, so any build that includes this legacy module prior to the applied patch is at risk. The issue appears in default configurations that load the module, and is not tied to a particular vendor variant beyond the generic Linux kernel.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity, and the EPSS score of <1% suggests a low probability of exploitation in the wild. The flaw is listed as not being in the CISA KEV catalog, implying no widely known active exploitation. The likely attack vector is inferred: an attacker with sufficient privileges to load or force a probe failure on the mailbox-test module (for example, by manipulating mailbox hardware or maliciously loading the module) can trigger the use‑after‑free. With kernel‑level access, such a flaw could enable the attacker to corrupt critical data structures and elevate privileges. Due to the moderate CVSS score, potential lack of exploitation evidence, and moderate EPSS, the overall risk is considered moderate but warrants timely remediation.
OpenCVE Enrichment
Debian DLA