Impact
An off‑by‑one error in the Linux kernel’s 6lowpan multicast context address compression routine copies data from the wrong offsets. The bug corrupts the RIID field and leaves four bytes of uninitialized kernel stack memory in the compressed packet. When that packet is transmitted, the uninitialized bytes leak portions of kernel stack information to anyone who can capture the packet, resulting in an information‑disclosure vulnerability. The underlying weakness is identified as CWE‑193, an off‑by‑one error that leads to memory corruption and data leakage.
Affected Systems
All Linux kernel builds before the application of the commit that introduced the fix (e.g., the commit identified by 06ce6fc106b16dec9b535950db626261be865e5b). This flaw is specific to 6lowpan multicast traffic handling in the kernel and affects hosts running the default 6lowpan driver. The vulnerability is present in any Linux distribution that ships the affected kernel version without the corrective commit.
Risk and Exploitability
The CVSS score of 5.5 places this as a moderate‑severity issue, while the EPSS score being less than 1% indicates a low likelihood of exploitation in the near term. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector involves an attacker crafting a lowpan multicast packet that triggers the wrong memcpy offsets; when the packet is transmitted, an observer on the network can capture the uninitialized kernel stack bytes, thereby obtaining sensitive information. This inference is drawn from the description stating that "data[5] is never written, so uninitialized kernel stack memory is transmitted." No additional elevated privilege exploitation is described in the provided information.
OpenCVE Enrichment
Debian DLA