Impact
The vulnerability arises from the removal of a WARN_ON_ONCE check in the code that handles the forward path array for IPIP tunnels. The diagnostic was triggered when userspace could construct a forward path longer than the allocated buffer, a condition that might indicate an out-of-bounds access. The commit deletes the warning without altering the surrounding logic, thereby masking a potential buffer overflow or related issue (CWE-1284). As a result, tools and operators lose a warning that could have highlighted anomalous array use, but the change does not introduce new functional behavior or a new attack surface. There is no evidence in the advisory that a crash, data corruption, or code execution can result from this change.
Affected Systems
All releases of the Linux kernel that provide IPIP tunnel support and have not yet integrated the commit that removes the WARN_ON_ONCE. The advisory does not specify a precise version range, so any kernel built before the referenced commits (listed in the references) may be affected.
Risk and Exploitability
The vulnerability has a CVSS score of 5.5 and is not listed in the CISA KEV catalog. The EPSS score is < 1%, indicating a very low probability of exploitation. Because the change merely removes a diagnostic message, the likelihood of exploitation through this path is low, and no exploitation methods are documented. If the underlying code does contain an out-of-bounds or other fatal flaw, it could lead to memory corruption; however, the advisories do not confirm that such a flaw exists or can be exploited.
OpenCVE Enrichment