Impact
The vulnerability resides in the Linux kernel’s netfilter conntrack IRC helper, where a malformed command string can cause an out-of-bounds read. This read occurs after a parsing failure during a command match and may expose sensitive kernel memory contents, representing a potential information disclosure.
Affected Systems
All configurations of the Linux kernel that enable the netfilter conntrack IRC helper are potentially affected. No specific upstream kernel release or version range is listed in the advisory, so any kernel version with the helper enabled during the time of the vulnerability could be impacted.
Risk and Exploitability
The CVSS score of 8.2 indicates moderate to high severity, but the EPSS score of <1% suggests a low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that an attacker would need remote network access to send a crafted IRC packet to a host with the helper active, potentially triggering a parsing failure that leads to an out-of-bounds read. Given the low EPSS and the rarity of the vulnerable helper in modern implementations, the overall risk is moderate but the probability of exploitation is low.
OpenCVE Enrichment
Debian DLA