Impact
The Linux kernel test harness for BPF programs, bpf_prog_test_run_skb, mistakenly uses the packet’s Ethertype to access L3 headers even when only an Ethernet header is present, which can cause an out‑of‑bounds read of the raw socket buffer and potentially trigger a kernel crash, resulting in a denial‑of‑service condition.
Affected Systems
All Linux kernel versions that have not yet integrated the commit that rejects short IPv4/IPv6 inputs are affected. The bug is present in the upstream kernel and any distribution using an unpatched kernel should be considered at risk. No specific version range is listed, so the default assumption is any pre‑patch release. The vendor is the Linux kernel maintainers.
Risk and Exploitability
The EPSS score is < 1% and it is not listed in the CISA KEV catalog. Based on the description, it can be inferred that exploitation would require the ability to load and execute BPF programs, which may be a local or privileged operation; the vulnerability can lead to a kernel crash, causing a denial‑of‑service impact. The CVSS score of 6.4 reflects a medium severity risk for denial‑of‑service via a kernel crash.
OpenCVE Enrichment
Debian DLA