Impact
A logic error in Linux kernel traffic‑control mirred logic causes the wrong network device to be queried for mac_header_xmit when redirecting packets to multiple devices. This mis‑retrieval leads to incorrect MAC header handling, resulting in skb header corruption, headroom exhaustion, and a potential kernel panic— a denial‑of‑service impact.
Affected Systems
The vulnerability affects the Linux kernel itself. All distributions shipping kernel versions that contain the buggy tcf_blockcast_redir logic are potentially impacted; any release prior to the patch that implements the corrected device check is vulnerable.
Risk and Exploitability
The bug represents a buffer misuse (CWE‑805) and can cause a complete kernel crash when traffic is routed through a mirred block with mixed device types. The CVSS score of 5.5 indicates medium impact severity. The EPSS score (< 1 %) and absence from the CISA KEV catalog suggest low current exploitation probability, but the severity of a kernel panic warrants prompt remediation. An attacker could trigger the flaw by crafting traffic that flows through a vulnerable mirred block, either from a local source or via a compromised network path that can influence packet handling.
OpenCVE Enrichment