Impact
In Linux kernel versions before commit 08a3e218064db11f154ad9ad5541751ea7f34ebe, the netfilter x_tables get‑entries implementation copies a per‑CPU counter pointer from kernel space to a userspace buffer before sanitizing the pointer. On SMP systems, this behavior allows a local user to trigger a fault during the copy and receive the raw kernel pointer in userspace, resulting in a data exposure vulnerability consistent with CWE‑1098.
Affected Systems
All Linux kernel installations running a kernel older than the commit that added the fix are vulnerable. The patch was merged into mainline on the commit date, so any kernel version newer than that is considered non‑vulnerable.
Risk and Exploitability
The vulnerability is local and requires the ability to execute a get‑entries system call, which is typically available to any regular user. The EPSS score indicates an exploitation probability of less than 1 %. The CVSS score of 5.5 denotes a moderate impact. Because the leak provides a raw kernel memory address, an attacker could leverage it in a chained exploit to aid privilege escalation, but a direct full compromise requires additional kernel vulnerabilities or code execution primitives. The vulnerability is not listed in CISA KEV, so no widespread exploitation has been reported.
OpenCVE Enrichment
Debian DLA