Impact
The Linux kernel misclassifies packets that carry the PACKET_OUTGOING flag, treating them as members of the error queue even when they originate from AF_PACKET sockets. When timestamping is enabled, the timestamp control‑message path reads state from AF_PACKET’s control buffer, leading to a buffer under‑read (CWE‑125). If the packet is non‑linear, this read extends past the linear head and can trigger a hardened usercopy failure, which may result in a kernel crash, or expose adjacent heap contents, which could leak sensitive information.
Affected Systems
All releases of the Linux kernel older than the commit that introduced this logic fix (identified by the hash 1ee90b77b727df903033db873c75caac5c27ec98).
Risk and Exploitability
The CVSS score of 7.1 and an EPSS score of less than 1% indicate a moderate severity and low likelihood of widespread exploitation. The likely attack vector is via raw packet sockets with timestamping enabled; an attacker needs to be able to craft and send packets that trigger the timestamp path. Because the vulnerability does not provide remote code execution, its impact is limited to kernel crashes or information disclosure, and it remains confined to the local host. The vulnerability is not listed in the CISA KEV catalog, further supporting a moderate risk posture.
OpenCVE Enrichment
Debian DLA