Impact
The vulnerability arises from the removal of a WARN_ONCE check in the function hsr_addr_is_self() within the Linux kernel HSR (High‑Availability Seamless Redundancy) networking module. During the deletion of an HSR link, the self_node pointer is cleared in hsr_del_self_node() while the device may still be reachable, creating a timing window that allows the system to dereference a pointer after it has been cleared or set to NULL. This can lead to a kernel crash or, if an attacker can inject malicious data, arbitrary code execution. The weakness is a classic use‑after‑free error, classified as CWE‑416.
Affected Systems
All Linux kernels that compile and load the HSR module, regardless of distribution. The advisory does not specify exact kernel versions, so any kernel containing the buggy hsr_addr_is_self() implementation is potentially impacted.
Risk and Exploitability
No publicly published CVSS or EPSS scores are available, and the vulnerability is not listed in the CISA KEV catalog, so the exact severity and likelihood are unknown. Because the flaw involves a kernel data structure accessed during link deletion, the attack vector is likely local and requires privileged or kernel‑level access. The absence of publicly known exploits suggests a moderate risk until an attacker gains sufficient control over HSR interfaces.
OpenCVE Enrichment