A one‑byte padding gap in the kernel structure used by the xfrm_user interface was left uninitialized. When the kernel routine build_mapping copies that structure to userspace, the padding remains uninitialized and is read by the caller, leaking kernel memory contents. This constitutes an information exposure that would allow a process with local access to read otherwise protected data, potentially aiding further attacks. The flaw arises from the use of uninitialized memory, a weakness identified by CWE-908, and leads to a modest confidentiality impact as indicated by the CVSS score of 5.5.

Any Linux kernel that still contains the uninitialized padding in struct xfrm_usersa_id before the build_mapping routine runs is affected. The patch that clears the structure has been merged into recent kernel releases, so versions predating that merge remain vulnerable. The specific vulnerable kernel releases are not enumerated in the advisory, but the vulnerability applies to any kernel builds that have not yet been updated to include the zero‑initialization change.

The CVSS score of 5.5, indicating a moderate impact, and an EPSS score of less than 1% signal a low probability of discovery and exploitation. The attack requires a local execution context or a process that can trigger the appropriate ioctl; it is not remotely triggered and does not provide elevated privileges, though the disclosed data could enable follow‑on exploits. The vulnerability is not listed in the CISA KEV catalog. Exploitability is therefore limited to local users who have the ability to use the xfrm_user interface.