Impact
The Linux kernel has no imposed limit on the size of BPF program signatures (CWE‑770). An attacker can load a BPF program with an exceptionally large signature bound, forcing the kernel to allocate memory through kmalloc_large or vmalloc. These expensive allocation paths can consume large amounts of kernel memory, leading to performance degradation or triggering out‑of‑memory conditions. The effect is a denial‑of‑service caused by exhausting kernel resources.
Affected Systems
All Linux kernel releases that do not contain the commit adding a signature‑size cap are affected. The vulnerability applies across the entire Linux ecosystem, irrespective of distribution, and impacts every kernel that fails to enforce the bounded signature size.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity. The EPSS score is less than 1%, suggesting low but non‑zero likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker who can load BPF programs—typically local users granted BPF loading privileges—could trigger the oversized allocation path. The attack does not rely on network exposure and may be exercisable from unprivileged user space if BPF capabilities are present.
OpenCVE Enrichment