Impact
The flaw resides in the nft_fib module of the Linux kernel’s netfilter subsystem, where a designated register span for the outgoing interface name (IFNAMSIZ bytes) is declared but only a single 32‑bit zero value is written during failure paths. The remaining registers retain whatever data was on the kernel stack at that time. Downstream nftables expressions that read the full span can expose this uninitialized data to userspace, revealing sensitive kernel stack content. A similar issue exists for the NFTA_FIB_F_PRESENT flag, where a single byte is stored into a larger declared span, again creating a stale memory area that can be read. This leads to a local information disclosure vulnerability via kernel stack leakage.
Affected Systems
Any Linux kernel released before the commits referenced in the advisory is susceptible. The advisory lists several commit hashes; any distribution kernel that has not incorporated those changes remains potentially vulnerable. Administrators should confirm whether their running kernel contains the patches starting with commit 3544210609f6d1db282bbdeca639104ef624c393 or equivalent, and update to the latest stable kernel release that includes them.
Risk and Exploitability
The CVSS score of 5.5 indicates a moderate severity assessment, and the EPSS score of <1% suggests a low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is a local user who crafts nftables rules that reference the OIFNAME register or the NFTA_FIB_F_PRESENT flag, allowing them to read the stale stack and leak uninitialized data; no public exploits are known. Because the flaw leaks uninitialized kernel stack data, an attacker could use this information to facilitate further attacks, but no direct remote code execution or privilege escalation is available. Prompt remediation is advisable due to the kernel‑level nature of the leak and the potential for future chaining attacks.
OpenCVE Enrichment
Debian DLA