Impact
The vulnerability arises in the Linux kernel's ebtables module where the function compat_mtw_from_user converts user‑supplied 32‑bit ebtables extensions to kernel structures without verifying that the supplied match_size or target_size meet the extension’s required size. If an attacker supplies a size smaller than required, the kernel performs an out‑of‑bounds read, exposing kernel data as reported by KASAN. This flaw can lead to leakage of sensitive information from kernel memory. Based on the description, the primary impact is information disclosure through a memory read beyond bounds.
Affected Systems
The flaw exists in all Linux kernel releases that include the ebtables netfilter module prior to the applied patch. Vendors affected are Linux:Linux; any kernel version running ebtables without the provision of the latest security updates may be vulnerable. No specific product sub‑version list is provided, so all affected kernels before the patch are included.
Risk and Exploitability
The CVSS score is 7.8, indicating high severity, and the EPSS score is less than 1%, suggesting a low probability of exploitation. The vulnerability is an out‑of‑bounds read caused by missing input validation, implying that an attacker with knowledge of the ebtables user‑space interface could trigger the fault. The likely attack vector is through the ebtables command‑line tool or library, which could be invoked by an unprivileged or partially privileged user. These conditions make the risk high, especially in multi‑tenant environments where untrusted code may invoke ebtables. While the exploitation may be difficult without an exploit chain, the potential for data leakage warrants immediate remediation.
OpenCVE Enrichment
Debian DLA