Impact
The Linux kernel’s netdevsim module fails to zero the struct iphdr inside dummy sk_buff objects, causing uninitialized IP header fields, a use‑of flaw and an untrusted input that can lead to operational failure (CWE‑824). Syzbot has identified a KMSAN uninitialized-value error originating from nsim_dev_trap_skb_build. Because the header is not properly set, dummy packet processing may introduce malformed IP headers into the kernel, potentially leading to crashes, undefined behavior, or kernel instability.
Affected Systems
All Linux kernel installations that include the netdevsim module before commit 175556c049eaec14efde8c6475e763b7579b9de7 are vulnerable. This includes standard kernel builds from Linux distributions that ship the original upstream kernel source without this patch. Kernel versions that contain the fix or later commits are considered secure.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not KEV catalog. The attack likely requires local or privileged access to load or configure a netdevsim dummy network interface, as the flaw is triggered when the module is active and packets are built. Exploitation would involve crafting dummy packets that expose the uninitialized header, potentially causing kernel instability. In, the likelihood of exploitation remains low, but the impact on kernel stability is significant if a successful exploit occurs.
OpenCVE Enrichment
Debian DLA