Impact
The mvpp2 driver in the Linux kernel incorrectly sets the frame size of every XDP buffer to PAGE_SIZE, regardless of whether the buffer comes from a short BM pool that is smaller than a page. This mis‑sized frame size allows the bpf_xdp_adjust_tail() helper to grow packets beyond the memory actually reserved for the buffer. The resulting write past the end of the buffer can overwrite arbitrary kernel memory or trigger skb tailroom checks, giving an attacker the possibility to corrupt kernel state or execute code. The flaw is a classic buffer overflow, evidenced by CWE-787.
Affected Systems
Linux kernel systems that include the mvpp2 network driver and have not yet applied the patch. The vulnerability applies across all distributions, as the affected code is part of the upstream kernel.
Risk and Exploitability
The EPSS score is reported as less than 1%, indicating a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, but it has a high severity CVSS score of 9.8. Based on the description, it is inferred that the attacker would need to inject crafted packets that traverse the XDP path on an affected interface, and that exploitation is more likely in a compromised or internal network context rather than through remote public exposure.
OpenCVE Enrichment
Debian DLA