Impact
The Linux kernel netdevsim module contains a flaw where the struct iphdr within dummy sk_buff objects is uninitialized when a dummy packet is constructed. This results in the IP header fields holding arbitrary values. The uninitialized data originates from the function nsim_dev_trap_skb_build, and a potential memory safety issue was reported by Syzbot as a KMSAN uninit-value. Because the header is not properly zeroed, the kernel could receive packets with malformed headers during dummy packet processing, which may cause unexpected kernel behavior such as crashes or undefined state transitions.
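The effect described above can be reproduced in a userspace model. The following is an added example, not kernel code and not taken from the fix commit: `struct model_iphdr`, the `STALE` fill pattern and the set of fields assigned in `fill_some_fields` are assumptions made for illustration. It builds the same header twice in a buffer that already holds old data, once without clearing it and once zeroed first, and counts the bytes that were never written.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STALE 0xA5 /* constructed pattern standing in for leftover buffer contents */

/* Simplified IPv4 header for this userspace model; not the kernel's struct iphdr. */
struct model_iphdr {
    uint8_t ver_ihl, tos;
    uint16_t tot_len, id, frag_off;
    uint8_t ttl, protocol;
    uint16_t check;
    uint32_t saddr, daddr;
};

/* Assumption: the builder assigns only these fields. Which fields the real
 * nsim_dev_trap_skb_build() assigns is not stated on the page. */
static void fill_some_fields(struct model_iphdr *h)
{
    h->ver_ihl = 0x45;
    h->tot_len = 28;
    h->ttl = 64;
    h->protocol = 17;
}

/* Header space reserved in a reused buffer and only partly written. */
void build_unzeroed(struct model_iphdr *h)
{
    memset(h, STALE, sizeof(*h)); /* models what was already in the buffer */
    fill_some_fields(h);
}

/* Same buffer, but the header is cleared before any field is assigned. */
void build_zeroed(struct model_iphdr *h)
{
    memset(h, STALE, sizeof(*h));
    memset(h, 0, sizeof(*h));
    fill_some_fields(h);
}

/* Number of header bytes that still hold the stale pattern. */
size_t stale_bytes(const struct model_iphdr *h)
{
    const uint8_t *p = (const uint8_t *)h;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*h); i++)
        n += (p[i] == STALE);
    return n;
}
```

In the model, every field the builder skips keeps whatever the buffer held before, which is the condition KMSAN flags as an uninit-value when those bytes are later read.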
Affected Systems
All Linux kernels that include the netdevsim module and predate commit 175556c049eaec14efde8c6475e763b7579b9de7 are affected. This includes any standard kernel builds from Linux distributions that ship the original upstream kernel source without this commit. Kernel versions that include the commit are considered fixed.
Risk and Exploitability
The CVSS score is not disclosed and an EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector requires local or privileged execution to load or configure a netdevsim dummy network interface, as the problem is triggered when the module is active and packets are built. Exploitation would involve creating dummy packets that expose the uninitialized header, which could lead to kernel instability. The likelihood of exploitation in a typical production environment is moderate, given the need for module loading and privileged operations, but the impact on kernel stability remains significant if successful.
OpenCVE Enrichment