CVE-2026-46093
Linux · kernel
A concurrency issue in the Linux kernel's vmalloc shrinker mechanism can lead to race conditions and potential memory corruption.
Executive summary
A high-severity concurrency flaw in the Linux kernel's memory management subsystem could allow local attackers to induce race conditions and potential system failure.
Vulnerability
This vulnerability is caused by missing locking around the decay_va_pool_node() function in the vmalloc memory management code. The function can be invoked concurrently from the __purge_vmap_area_lazy() path and from the shrinker via vmap_node_shrink_scan(). Because the shrinker path does not hold vmap_purge_lock, the two invocations are not serialized, which results in a race condition.
Business impact
With a CVSS score of 7.8, this flaw poses a significant risk to the stability of the virtual memory subsystem. Successful exploitation could result in kernel panics, memory corruption, or potentially elevated privileges for a local attacker.
Remediation
Immediate Action: Upgrade to a kernel version that correctly implements the vmap_purge_lock within the shrinker path.
Proactive Monitoring: Monitor system logs for memory-related kernel errors or unusual performance degradation associated with virtual memory operations.
Compensating Controls: Ensure that systems are running with hardened kernel configurations that limit the ability of user-space processes to trigger intensive memory management operations.
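For the Proactive Monitoring step, one way to triage kernel logs is to flag error reports whose stack trace passes through the functions this advisory names. This is an added example, not part of the advisory or of any kernel tooling; find_vmalloc_reports is a hypothetical helper, and the log lines in SAMPLE (including offsets and addresses) are constructed.

```python
import re

# Functions the advisory names on the racing paths.
VMALLOC_SYMBOLS = ("decay_va_pool_node", "__purge_vmap_area_lazy", "vmap_node_shrink_scan")

# Standard prefixes that open a kernel error report.
REPORT_START = re.compile(r"BUG: |Oops: |general protection fault|list_(?:add|del) corruption|kernel BUG at ")
REPORT_END = re.compile(r"---\[ end trace")
# symbol+0xoff/0xsize, tolerating compiler suffixes such as .isra.0
SYMBOL = re.compile(r"\b(%s)(?:\.[\w.]+)?\+0x[0-9a-f]+/0x[0-9a-f]+" % "|".join(VMALLOC_SYMBOLS))
TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg "[  812.104512] " prefix

# Constructed sample, not output from an affected system.
SAMPLE = """\
[  812.104512] BUG: KASAN: slab-use-after-free in decay_va_pool_node+0x1a4/0x2c0
[  812.104630] Call Trace:
[  812.104655]  <TASK>
[  812.104701]  dump_stack_lvl+0x5d/0x80
[  812.104760]  vmap_node_shrink_scan+0x3c/0x90
[  812.104811]  do_shrink_slab+0x13f/0x360
[  812.104902] ---[ end trace 0000000000000000 ]---
[  990.220014] BUG: unable to handle page fault for address: ffffc90000123000
[  990.220120] Call Trace:
[  990.220188]  ext4_readdir+0x2a1/0xc00
[  990.220240] ---[ end trace 0000000000000000 ]---
""".splitlines()


def find_vmalloc_reports(lines):
    """Return [(header, [symbols])] for error reports that touch the named functions."""
    hits, header, symbols = [], None, []
    for raw in list(lines) + ["---[ end trace"]:  # sentinel closes a truncated report
        line = TIMESTAMP.sub("", raw.rstrip("\n"))
        starts = REPORT_START.search(line)
        if header and (starts or REPORT_END.search(line)):
            if symbols:  # keep only reports that reached the vmalloc purge code
                hits.append((header, symbols))
            header, symbols = None, []
        if starts:
            header = line.strip()
        if header:
            for name in SYMBOL.findall(line):
                if name not in symbols:
                    symbols.append(name)
    return hits
```

The function accepts any iterable of log lines, such as the output of dmesg or journalctl -k split on newlines. Stack frames that appear outside an error report are ignored.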
Exploitation status
Public Exploit Available: false
Analyst recommendation
Kernel memory management bugs are critical due to their potential for widespread system impact. Patching should be treated as a high-priority task for all Linux environments to ensure the integrity of the memory subsystem.