Impact
An out-of-bounds memory read occurs in the kernel function qdisc_pkt_len_segs_init when it uses skb_header_pointer to pull packet headers for GSO packets. A crafted GSO packet can trigger the vulnerability, exposing uninitialized memory to the kernel. The resulting crash can halt the machine, providing an attacker with a remote denial‑of‑service vector.
Affected Systems
All Linux kernel builds that do not include the patch committed by 7fb4c19670110f052c04e1ec1d2b953b9f4f57e4 are affected. This covers virtually every distribution kernel prior to that commit, regardless of version, as the vulnerability resides in core networking code.
Risk and Exploitability
The flaw carries a CVSS score of 8.4, indicating high severity, but its EPSS score is under 1%, signifying a low current likelihood of exploitation. The bug is not listed in CISA’s KEV catalog. An attacker can deliver a specially crafted GSO packet over the network; no authentication is required. If successful, the kernel crash causes a system‑wide denial of service.
OpenCVE Enrichment