Impact
The vulnerability arises from a missing NULL check in the __ioam6_fill_trace_data() function, which allows a potential NULL pointer dereference during IPv6 IOAM trace data handling. The dereference can lead to a kernel panic, so an attacker who can influence trace data processing can crash the system and deny service. The flaw originates from unsafe access to device pointers without sufficient validation, as indicated by the fix, which adds NULL checks and READ_ONCE() statements.
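The pattern the fix describes, shown as an added userspace illustration that is not the kernel's code. All type and function names and the 0xffff marker are hypothetical, and READ_ONCE() is re-implemented here as a single volatile load.

```c
#include <stddef.h>
#include <stdint.h>

/* Userspace stand-in for the kernel's READ_ONCE(): force exactly one load,
 * so the value that is NULL-checked is the same value that is dereferenced. */
#define READ_ONCE(x) (*(const volatile __typeof__(x) *)&(x))

#define ID_UNAVAILABLE 0xffffu /* hypothetical "no data" marker */

/* Hypothetical, simplified types: not the kernel's structures. */
struct dev_cfg { uint16_t ioam_id; };
struct device  { struct dev_cfg *cfg; };  /* cfg may be cleared concurrently */
struct packet  { struct device *dev; };   /* dev may be NULL */

/* "Before" pattern: every pointer on the path is trusted.
 * A packet with no device, or a device with no config, faults here. */
uint16_t fill_id_unchecked(const struct packet *pkt)
{
    return pkt->dev->cfg->ioam_id;
}

/* "After" pattern: snapshot each pointer once, check it, then use only
 * the snapshot. Missing data degrades to a marker instead of a crash. */
uint16_t fill_id_checked(const struct packet *pkt)
{
    struct device *dev = READ_ONCE(pkt->dev);
    struct dev_cfg *cfg;

    if (!dev)
        return ID_UNAVAILABLE;
    cfg = READ_ONCE(dev->cfg);
    if (!cfg)
        return ID_UNAVAILABLE;
    return READ_ONCE(cfg->ioam_id);
}

int main(void)
{
    /* Constructed sample: a packet with no device attached. */
    struct packet orphan = { .dev = NULL };

    return fill_id_checked(&orphan) == ID_UNAVAILABLE ? 0 : 1;
}
```

Without the single-load snapshot, a compiler is free to re-read the pointer after the check, so a NULL check alone does not protect a field that another context can clear.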
Affected Systems
Linux kernels that implement the IOAM IPv6 trace data path in the networking stack are affected. The vulnerability is present in all versions prior to the commit that added the NULL checks; no specific version numbers are listed, so any Linux kernel version that contains the old implementation is susceptible. The fix applies to the Linux kernel source, so all distributions that ship the stock kernel without the update are affected.
Risk and Exploitability
No CVSS or EPSS data is available, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is crafted IPv6 IOAM packets that reach the kernel's trace data processor, which can happen when the system processes traffic from an external host or a compromised client. Because the kernel can crash, exploitation would result in denial of service; no remote code execution is reported. However, because the flaw only induces a crash and is triggered by network traffic, it may be exploited by attackers who can send specially crafted packets. Given the lack of publicly known exploits, the risk remains moderate, but the flaw should be mitigated promptly.
OpenCVE Enrichment