Impact
The vulnerability is a flaw in the Linux kernel’s XFRM/iptfs packet reassembly logic, where the first socket buffer is stored and later accessed without proper locking. This use‑after‑free can result in the kernel operating on freed memory, potentially causing a crash. The description does not explicitly state a use trigger a kernel panic or execute code if the freed memory is reused maliciously.
Affected Systems
All publicly released Linux kernel versions that have the affected XFRM/iptfs reassembly code path and have not yet incorporated the patch commit 8d9a79fb5 are vulnerable. The commit was introduced in June 2026; kernels built prior to that commit are affected, while any kernel including the commit or later is considered patched.
Risk and Exploitability
The CVSS score of 8.8 indicates high severity. The EPSS score is reported as less than 1 %, suggesting that documented exploitation is rare. The vulnerability is not listed in CISA’s KEV catalog, indicating no publicly known or confirmed exploits. The flaw is a classic concurrency‑based use‑after‑free (CWE‑367). An attacker would need to inject or manipulate fragmented network packets that trigger the reassembly path. The most likely attack vector would involve crafted network traffic targeting interfaces that process such fragments; if exploitation is achieved, the kernel‑level nature of the defect implies that a crash or other adverse impact could follow.
OpenCVE Enrichment