Impact
The Linux kernel traffic control module contains a flaw where the copy‑on‑write range for writable packet buffers is calculated before the key offsets are known, leaving part of the buffer unwritten. Writing beyond this incomplete region corrupts the page cache, which can overwrite kernel memory and potentially lead to data integrity errors or privilege escalation.
Affected Systems
All versions of the Linux kernel released before the inclusion of the commit referenced in the advisory are affected. The fix appears in the latest stable kernel release; systems should verify whether their kernel build contains the commit that corrects the COW range calculation.
Risk and Exploitability
The CVSS score of 7.8 indicates a high severity level. The EPSS score of less than 1% suggests a very low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Attack vectors are inferred to be local or privileged, requiring an attacker to inject or manipulate network packets to exercise the traffic‑control pedit action and trigger the overflow that corrupts the kernel page cache.
OpenCVE Enrichment
Debian DLA
Debian DSA