Impact
The Linux kernel bug causes the xfrm ESP input routine to decrypt packet fragments that are shared between processes in place because the SKBFL_SHARED_FRAG flag is missing. This in-place decryption modifies memory that is not privately owned by the socket buffer, leading to corruption of the shared pages and the possible exposure of encrypted payloads to other processes that reference those pages. The flaw is a CWE‑123 weakness involving incorrect memory handling.
Affected Systems
All Linux kernel builds that implement the xfrm ESP input path are affected. The issue specifically impacts kernels that handle ESP‑in‑UDP traffic created by MSG_SPLICE_PAGES, including IPv4 and IPv6 UDP sockets. All distributions using the upstream kernel prior to the patch series referenced in the advisory remain vulnerable.
Risk and Exploitability
The CVSS score of 8.8 and an EPSS score of 93% indicate a very high likelihood of exploitation. The vulnerability is not yet listed in CISA's KEV catalog. Based on the description, the attacker would need to send crafted ESP‑in‑UDP packets that use splice operations to the target. This is the inferred attack vector; the input does not explicitly state it, so the possibility of exploitation is derived from the nature of the vulnerability. The impact would be data corruption and potential leakage, but it does not provide direct remote code execution or privilege escalation.
OpenCVE Enrichment
Debian DLA
Debian DSA
Ubuntu USN