Impact
The Linux kernel PPPoE driver mistakenly accepts a single‑byte compressed protocol field when the generic PPP input routine expects a two‑byte field. The resulting 1‑byte shift in the payload misaligns the network header, triggering unaligned memory accesses on architectures that enforce strict alignment and causing kernel crashes. This only when a PPPoE frame with an unsupported compressed protocol field is received, making the attack surface limited to PPPoE traffic.
Affected Systems
All Linux kernel installations that include PPPoE support and have not applied the patch that drops PFC frames are potentially affected. The CPE indicates any Linux kernel, and no specific version range is provided, implying that older kernels prior to the patch carry the issue. Devices that rely on PPPoE for connectivity—such as routers, DSL modems, or VPN gateways—are the most directly impacted.
Risk and Exploitability
The CVSS score of 7.5 indicates a higher severity vulnerability, and the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker able to inject specially crafted PPPoE packets—such as on a shared LAN or WAN segment—against a vulnerable device. The patch mitigates the issue by explicitly dropping PPPoE PFC frames, eliminating the opportunity for misaligned access and the resulting denial of service.
OpenCVE Enrichment
Debian DLA