Impact
In the Linux kernel’s nftables framework, a flaw in the nft_ct module allows an attacker to trigger a 16‑byte memcpy overflow on the kernel stack. The defect occurs when a rule sets a connection‑track zone and then requests the original connection data, causing the kernel to treat an uninitialized template as a real entry. When the overflow executes, it can corrupt adjacent stack frames, potentially leading to a kernel crash or execution of attacker‑controlled code. The vulnerability is a classic stack buffer overflow (CWE‑787) and is capable, if exploited, of escalating privilege from unprivileged to privileged or kernel level.
Affected Systems
Any Linux kernel build that includes the nft_ct component of nftables is susceptible. The description does not specify vulnerable kernel versions, so all current and past releases with this subsystem are potentially affected until the upstream patch is applied. The impact applies to all Linux kernel variants, as the vulnerability resides in the core netfilter component of nftables.
Risk and Exploitability
The CVSS score of 7.8 classifies this flaw as high severity. The EPSS score is reported as <1 %, indicating that the probability of exploitation is currently very low. It is not listed in the CISA KEV catalog, meaning no documented public exploitation is known. The likely attack vector is crafted network traffic directed at a vulnerable nftables rule, based on the description, implying a remote network‑based entry. Because the vulnerability exploits an out‑of‑bounds memcpy on the kernel stack, the impact could be denial of service, data corruption, or privilege escalation if the overflow is successfully controlled. Although the exploitation likelihood remains low, the potential damage warrants immediate remediation.
OpenCVE Enrichment