Impact
The flaw is a use‑after‑free in the Linux kernel’s namespace is read without holding the necessary RCU lock. When an open or close operation occurs concurrently with an unmount, the namespace can be freed while still being referenced, which can lead to a kernel crash or, in a very narrow case, leaking the result of an integer comparison to user space. The vulnerability does not provide privilege escalation or a broad code execution path, but it can destabilize the system.
Affected Systems
Linux kernel components that support the open_tree(..., OPEN_TREE_CLONE) feature and compile with CONFIG_PREEMPTION or CONFIG_RCU_STRICT_GRACE_PERIOD enabled. The specific affected kernel versions are not listed, but the patch that fixes the issue is present in recent kernel releases.
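A configuration check for the two build options named above, as an added example that is not part of the original advisory. The function names are hypothetical, and the config locations (`/proc/config.gz`, `/boot/config-<release>`) are assumed to be where the distribution keeps them. A match means only that the build precondition is present, not that the kernel lacks the fix.

```shell
#!/bin/sh
# Report whether a kernel config enables either option the advisory names
# as a precondition: CONFIG_PREEMPTION or CONFIG_RCU_STRICT_GRACE_PERIOD.

# Print the kernel config text from the first readable source.
# Argument 1 (optional): explicit path to a config file (plain or .gz).
read_kernel_config() {
    for f in "$1" /proc/config.gz "/boot/config-$(uname -r)"; do
        [ -n "$f" ] && [ -r "$f" ] || continue
        case "$f" in
            *.gz) gzip -dc "$f" ;;
            *)    cat "$f" ;;
        esac && return 0
    done
    return 1
}

# Read config text on stdin; print the enabled options of interest,
# one per line. "# CONFIG_X is not set" and "=n" count as disabled.
enabled_race_options() {
    awk -F= '
        $1 == "CONFIG_PREEMPTION" || $1 == "CONFIG_RCU_STRICT_GRACE_PERIOD" {
            if ($2 == "y") print $1
        }'
}

# Exit status 0 = at least one precondition option is enabled,
# 1 = neither is enabled, 2 = no config could be read.
check_kernel_config() {
    cfg=$(read_kernel_config "$1") || { echo "no kernel config found" >&2; return 2; }
    hits=$(printf '%s\n' "$cfg" | enabled_race_options)
    if [ -n "$hits" ]; then
        echo "precondition option(s) enabled:"
        echo "$hits"
        return 0
    fi
    echo "neither option enabled"
    return 1
}
```

Call `check_kernel_config` with no argument to inspect the running kernel, or pass the path of a saved config file to audit a build offline.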
Risk and Exploitability
The CVSS score is not provided, and EPSS data is unavailable, indicating no known widespread exploitation. The condition requires a race during a syscall that occurs under an R uses preemption or strict grace periods, making the exploitability low for unprivileged users. The bug is not included in CISA’s KEV catalog, suggesting no confirmed it as a potential denial‑of‑service risk but expect it to be harder to trigger intentionally.
OpenCVE Enrichment