Impact
The vulnerability allows unprivileged applications to set the Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR) IP options without CAP_NET_RAW capability. By forcing packets to be routed through attacker‑controlled nodes, an adversary can observe TCP initial sequence numbers and other protocol data, providing a means to leak potentially sensitive connection information. This defect originates from improper privilege enforcement, as described by CWE‑266, allowing privileged network behavior to be performed by a non‑privileged user.
Affected Systems
Affected systems are any deployments of the Linux kernel, as indicated by the kernel CPE string are enumerated in the available data, so any kernel that has notS IPOPT_SSRR and IPOPT_LSRR options remains vulnerable.
Risk and Exploitability
The CVSS score of 7.0 indicates high severity. The EPSS score is < 1%, showing a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local, as the vulnerability allows a local user process to send packets with these options, a capability normally restricted to privileged users. Given that LSRR and SSRR remain enabled in some network environments, exploitation could leak TCP ISNs and other protocol data from forwarded traffic.
OpenCVE Enrichment
Debian DLA