Impact
A stack‑based buffer overflow originates in the netfilter conntrack subsystem of the Linux kernel, triggered by an unsafe sprintf call during the handling of certain packet contents. The code uses the size‑limited versusnprintf infrastructure, yet the buffer is not protected, causing a stack‑out‑of‑bounds write as identified by KASAN. This flaw can corrupt kernel memory and enables arbitrary execution of code with kernel privileges. The vulnerability is a buffer overflow and a memory management issue (CWE-787).
Affected Systems
All Linux kernel builds that include the netfilter conntrack module and have not yet incorporated the commit that replaces sprintf with scnprintf. The impact is not limited to a specific distribution or version; any kernel prior to that change is potentially vulnerable.
Risk and Exploitability
The EPSS score indicates a very low exploitation probability, reported as < 1%, and the flaw is not listed in the CISA KEV catalog, yet the severity is high because kernel memory corruption can lead to remote code execution. Exploitation would require an attacker to send a specially crafted packet that exercises the vulnerable path. Based on the description, the likely attack vector is network‑based, enabling a remote host to trigger the overflow by SDP traffic to the host. This attack vector is inferred, as it is not explicitly documented in the data. The CVSS score of 9.8 underscores a critical severity level.
OpenCVE Enrichment
Debian DLA