Impact
The vulnerability resides in the SCSI generic (sg) kernel module, which does not validate the module parameter def_reserved_size and therefore accepts out-of-range values such as -1. With such a value in place, the kernel allocates an invalid buffer size when a /dev/sgX device is opened. The result is a soft lockup, in which a CPU core stays stuck for extended periods, effectively crippling the system until a reboot or kernel recovery. The issue does not expose code execution or information disclosure; its primary impact is a denial of service that affects the kernel's responsiveness and availability.
Affected Systems
All Linux kernel releases that include the sg module with the vulnerable def_reserved_size handling are affected, as the flaw is in the kernel's sg driver. The vendor list indicates Linux:Linux, meaning the flaw is present in the upstream kernel. Specific affected kernel release numbers are not enumerated in the current data, so any system whose kernel builds or loads the sg module should be considered potentially vulnerable.
Risk and Exploitability
Triggering the flaw requires local access to modify the sysfs parameter /sys/module/sg/parameters/def_reserved_size, which typically demands root or elevated privileges. Once the parameter is set to an invalid value and an sg device is then opened, a non-preemptive kernel may experience a soft lockup, causing a DoS. EPSS is not available and the flaw is not listed in the CISA KEV catalog, yet its impact is significant due to the kernel lockup. The CVSS score is undefined in the provided data; however, because the flaw can bring the entire system to a halt, it should be treated as a high-severity local DoS.
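A defensive audit for the condition described above, as an added example that is not part of the advisory or the kernel project: it checks the live sysfs parameter and any persistent `options sg` lines for negative or malformed def_reserved_size values. The function names and the MAX_OK upper bound are assumptions of this example; the page gives no valid range beyond citing -1 as out of range.

```shell
#!/bin/sh
# Added example: audit sg def_reserved_size at runtime and in modprobe config.
# ASSUMPTION: MAX_OK is an illustrative upper bound, not taken from the page.
MAX_OK=${MAX_OK:-1048576}

# classify_reserved_size VALUE -> prints ok | out-of-range | invalid
classify_reserved_size() {
    case "$1" in
        ''|-|*[!0-9-]*|?*-*) echo invalid; return ;;  # empty or not an integer
        -*) echo out-of-range; return ;;              # negative, e.g. -1
    esac
    # More than 10 digits is certainly above MAX_OK and may overflow the test.
    if [ "${#1}" -gt 10 ] || [ "$1" -gt "$MAX_OK" ]; then
        echo out-of-range
    else
        echo ok
    fi
}

# check_param_file PATH -> classification, or not-present if sg is not loaded
check_param_file() {
    [ -r "$1" ] || { echo not-present; return; }
    value=
    read -r value < "$1" || true   # tolerate a missing trailing newline
    classify_reserved_size "$value"
}

# scan_modprobe_dir DIR -> one line per "options sg ... def_reserved_size=" hit
scan_modprobe_dir() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        sed -n 's/^[[:space:]]*options[[:space:]]\{1,\}sg[[:space:]].*def_reserved_size=\([^[:space:]]*\).*/\1/p' "$f" |
        while read -r v; do
            echo "$f: def_reserved_size=$v $(classify_reserved_size "$v")"
        done
    done
}

# Live check on this host; read-only, no privileges needed to read the value.
echo "runtime: $(check_param_file /sys/module/sg/parameters/def_reserved_size)"
scan_modprobe_dir /etc/modprobe.d
```

Any result other than ok or not-present is worth correcting before an sg device is next opened, and the same classification can feed a configuration-compliance check.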