The vulnerability exists in the Linux kernel's nftables module. During packet filtering rule initialization the library accepts shift operators with a zero shift value. The kernel then performs a 32‑bit shift operation to propagate carry bits, which is undefined behaviour and can corrupt the kernel's internal state. Maliciously crafted nftables rules that use a zero shift can trigger a kernel crash or denial‑of‑service condition, potentially affecting the entire operating system. The weakness is an input validation failure in the control plane of the nft_bitwise expression.

All Linux kernels that implement the nft_bitwise expression without the new zero‑shift check are affected. The vulnerability is not limited to a single vendor; it applies to every distribution that ships the affected kernel code. The precise kernel version that was patched is not specified in the advisory.

No EPSS score is available and the vulnerability is not listed in CISA KEV, so public exploitation data is currently unknown. The CVSS score is not provided, but given that the flaw is a kernel‑level undefined behaviour that can lead to a crash, the risk is moderate to high for affected systems. The attack vector is inferred to be remote in that a malicious user can supply a crafted nftables rule, which is plausible for both local administrators and attackers with sufficient privileges to modify firewall rules. Because the bug is confined to the control plane and must be triggered during rule compilation, it is not a low‑effort remote code execution flaw, but a denial of service that can be triggered by poorly validated rules.