Impact
The Linux kernel contains a flaw that allows ICMP extended echo reply packets to be processed without first verifying the packet's type. Because that type value is greater than the range handled by the icmp_pointers array, the code may index past the end of that array. This can lead to an out-of-bounds memory access that may expose kernel memory contents or overwrite pointers, potentially allowing an attacker to gain code execution in the kernel or cause a crash. The weakness is an unvalidated array index.
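The check described above, modelled in user space as an added example (not kernel code and not taken from the patch): a handler table indexed by ICMP type, with the type validated before the lookup. The type constants are those of `<linux/icmp.h>`; the handler names, the verdict enum and the 8-byte minimum length are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ICMP type values as defined in the Linux UAPI header <linux/icmp.h>. */
#define ICMP_ECHOREPLY      0
#define ICMP_ECHO           8
#define NR_ICMP_TYPES       18   /* highest type the table covers */
#define ICMP_EXT_ECHOREPLY  43   /* extended echo reply: beyond the table */
#define ICMP_HDR_LEN        8    /* assumption: require a full ICMP header */

/* Hypothetical verdicts and handlers for this model. */
enum verdict { V_DROP, V_ECHO, V_ECHOREPLY, V_EXT_ECHOREPLY };
typedef enum verdict (*icmp_handler)(const uint8_t *pkt, size_t len);

static enum verdict h_echo(const uint8_t *p, size_t n) { (void)p; (void)n; return V_ECHO; }
static enum verdict h_echoreply(const uint8_t *p, size_t n) { (void)p; (void)n; return V_ECHOREPLY; }
static enum verdict h_ext_echoreply(const uint8_t *p, size_t n) { (void)p; (void)n; return V_EXT_ECHOREPLY; }

/* One slot per type 0..NR_ICMP_TYPES; unset slots are NULL. */
static const icmp_handler handlers[NR_ICMP_TYPES + 1] = {
    [ICMP_ECHOREPLY] = h_echoreply,
    [ICMP_ECHO]      = h_echo,
};

enum verdict dispatch_icmp(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < ICMP_HDR_LEN)
        return V_DROP;
    uint8_t type = pkt[0];           /* untrusted value taken from the packet */
    /* Type 43 has no table slot, so it is routed explicitly. */
    if (type == ICMP_EXT_ECHOREPLY)
        return h_ext_echoreply(pkt, len);
    /* Validate before indexing: anything else above the bound is dropped. */
    if (type > NR_ICMP_TYPES)
        return V_DROP;
    icmp_handler h = handlers[type];
    return h ? h(pkt, len) : V_DROP;
}

int main(void)
{
    uint8_t pkt[ICMP_HDR_LEN] = {0};   /* constructed sample header */
    const uint8_t types[] = { ICMP_ECHO, ICMP_EXT_ECHOREPLY, 200, 3 };
    for (size_t i = 0; i < sizeof types; i++) {
        pkt[0] = types[i];
        printf("type %3u -> verdict %d\n", (unsigned)pkt[0], (int)dispatch_icmp(pkt, sizeof pkt));
    }
    return 0;
}
```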
Affected Systems
Linux systems running a kernel version that still contains the icmp_pointers bug are affected. This applies to any distribution that ships the unpatched kernel; the issue is present in the mainline kernel prior to the commit that added the validation. Exact version ranges are not specified in the available data, so administrators should verify whether their kernel includes the patch commit identified in the provided references.
Risk and Exploitability
The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog, so its current exploitation probability is unknown. However, because the bug is reachable through regular network traffic and sits in the core kernel, an attacker could craft a malicious ICMP packet from an external host to trigger the out-of-bounds access; the available data does not specify any environment in which this is mitigated. The lack of a CVSS score makes it difficult to quantify severity, but because the flaw is in the kernel, the impact is potentially high if it is exploitable.
OpenCVE Enrichment