Impact
The mvpp2 network driver programs the hardware to write incoming frames after a configured headroom region. The CPU cache synchronization routine, however, starts at the beginning of that region and covers only a fixed amount of bytes, purposely missing the tail portion of each packet. On systems that do not use coherent DMA, this mismatch can leave stale data in the processor’s cache. An attacker could potentially read that lingering contents, leading to unauthorized disclosure of data that was previously stored in the same memory region. The defect is represented by CWE‑821, which denotes inconsistencies in protecting data flow.
Affected Systems
The flaw is present in any Linux kernel that contains the unpatched mvpp2 driver for Marvell Ethernet NICs. Any instance where the driver uses the old synchronization logic remains vulnerable. This includes all kernel releases before the commit that introduced dma_sync_single_range_for_cpu with the correct offset, particularly on hardware that operates with non-coherent DMA.
Risk and Exploitability
The CVSS score of 8.6 reflects a high severity, while the EPSS of <1% indicates a very low likelihood of exploitation at present. It is not listed in CISA’s KEV catalog, suggesting no widespread incidents have been observed. The likely attack path is network-based: an adversary would have to inject packets onto the affected interface to trigger the stale cache read. This inference is not stated explicitly in the advisory but is deduced from the nature of the vulnerability. Because exploitation would require controlling network traffic, the overall risk is moderate, but the impact of a successful attack could be significant due to confidential data exposure.
OpenCVE Enrichment
Debian DLA