The bug, discovered in the Linux kernel's X25 networking subsystem, is an integer overflow that occurs when the kernel accumulates packet fragments. The missing bounds check on the x25_sock.fraglen field can cause the counter to wrap around, resulting in corrupted state and potentially unsafe memory handling. This issue is associated with CWE-190 (Integer Overflow) and CWE-191 (Signed Integer Overflow). As a consequence an attacker could force the kernel to misinterpret packet sizes or indices, leading to memory corruption or a denial of service.

All versions of the Linux kernel that include the net/x25 module and have not yet incorporated the fix are affected. The vulnerability is present in the core kernel code and would impact any system running an unpatched kernel that enables or processes X25 traffic, irrespective of distribution vendor.

The CVSS score is 7.5, and the integer overflow (CWE-190) and signed integer overflow (CWE-191) can be triggered by sending crafted X25 packets over the network, so the attack vector is remote and does not require local privileges. The EPSS score of less than 1% indicates that the probability of exploitation is currently very low, and the vulnerability is not listed in CISA KEV. Nevertheless, the impact of a successful exploit could be severe, potentially causing kernel data corruption or a denial of service, so the overall risk remains significant until the patch is applied.