Impact
In the Linux kernel, the netfilter processing logic for Ethernet headers incorrectly assumed that the socket buffer always had a valid Ethernet MAC header and performed a direct eth_hdr(skb) access. This oversight allowed crafted packets that lacked a proper MAC header or had an invalid pointer to read memory outside the intended bounds, leading to an out‑of‑bounds read and potentially a kernel crash. Attackers could trigger this error by sending specially crafted network frames that bypass normal packet validation causing denial of service.
Affected Systems
Affected systems are Linux kernels that ship with the netfilter modules ip6t_eui64, xt_mac, and ipset types bitmap:ip,mac, hash:ip,mac, hash:mac, plus the nf_log_syslog feature. The CPE specification indicates the impact spans all Linux kernel releases; any build that includes these modules before the patch is vulnerable.
Risk and Exploitability
The CVSS score of 9.4 reflects critical severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability does not appear in the CISA KEV catalog. Based on the description, an attacker could deliver malicious network packets that reach the vulnerable netfilter components, leading to a kernel crash and denial of service.
OpenCVE Enrichment
Debian DLA