Impact
In the Linux kernel, the tap driver contains a flaw that causes the to copy 16 bytes from an uninitialized on‑stack structure, leaving eight bytes of kernel stack data exposed. An attacker who can call this ioctl on a macvtap character device can read kernel .text and direct‑map addresses, which defeats Kernel Address Space Layout Randomization.
Affected Systems
Any Linux system running a kernel version that predates the commit that added proper initialization of the sockaddr_storage in tap_ioctl is vulnerable. This includes all standard Linux kernel releases until the patch is applied, regardless of distribution, as the affected code is part of the core kernel.
Risk and Exploitability
The EPSS score is below 1%, indicating a very low exploitation probability, and the CVSS score of 5.5 classifies the vulnerability as moderate. The bug is not listed in CISA KEV. Although the score is moderate, the leak of kernel addresses provides a foothold that can aid further attacksASLR is bypassed. The likely attack vector is local or privileged access to the macvtap device, inferred from the need to perform SIOCGIFHWADDR on that character device.
OpenCVE Enrichment