Impact
The Linux kernel has a flaw in the skb_gro_receive_list() routine. The function pulls data from a socket buffer without ensuring the data is in the linear region, which triggers a BUG_ON when the buffer length becomes less than the data length. This leads to an immediate kernel crash. The bug is characterized by CWE‑805, Improper Boundary Calculation, and results in a denial‑of‑service condition.
Affected Systems
All Linux kernel implementations across distributions are affected, as the issue resides in core networking code that is part of the kernel. Without specific version information, the vulnerability may impact all current kernel releases until the patch is applied. The fix was introduced in commit 0cde3a0041, so any kernel newer than this commit is safe.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity, while the EPSS score of < 1 % shows a very low but non‑zero exploitation probability. The vulnerability is not listed in CISA KEV and no publicly documented exploit currently exists. Attack would likely require delivery of malformed packets that trigger the GRO path; thus the attack vector is inferred as network‑based. The resulting kernel panic would cause a denial of service to the affected host.
OpenCVE Enrichment