Impact
The bug in mrp_pdu_parse_vecattr in the Linux kernel's net/802/mrp subsystem causes the parser to incorrectly decrement the event counter, consume erroneous packet bytes, and mishandle empty vector attributes. This results in spurious MRP events being applied and incorrect offset calculations for subsequent PDUs. The flaw represents a buffer manipulation weakness (CWE-1285) and could corrupt kernel data structures that control MRP state, potentially leading to memory corruption and a crash.
Affected Systems
All Linux kernel implementations that include the IEEE 802.1ak MRP code compiled into the kernel when MRP is enabled. This includes every standard Linux distribution running a native kernel, as no specific kernel version range is listed in the advisory. The issue exists in the net/802/mrp code compiled into the kernel when MRP is enabled.
Risk and Exploitability
The CVSS score of 5.5 indicates medium severity. The EPSS score (< 1%) and absence from the CISA KEV catalog suggest a low probability of exploitation, but a malicious actor could target a host on a network segment that participates in MRP by sending malformed MRP PDUs. Based on the description, it is inferred that an attacker would need network proximity or control of a VLAN that exchanges MRP frames to trigger the defect and cause kernel.
OpenCVE Enrichment
Debian DLA