Description
An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic.
Published: 2026-05-22
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Malformed IPv4/IPv6 packets carrying TCP, IL, RUDP, or GRE with a total length shorter than the protocol header cause the 9front kernel to panic, immediately crashing the system and forcing a reboot. This removes availability for legitimate users and can be triggered remotely without authentication.

Affected Systems

The vulnerability resides in the 9front operating system kernel. No specific version numbers are listed, so all builds of 9front that use the default networking stack are potentially affected until the vendor’s patch is applied.

Risk and Exploitability

The CVSS score of 9.2 rates this flaw as Critical, reflecting high impact and easy exploitation. The EPSS score is less than 1% (approximately 0.04%) and there is no KEV listing; exploitation depends on an attacker's ability to craft the malformed packets, which can be done over the network from any remote host. The likely attack vector is remote packet injection, leading to a denial of service without requiring authentication or elevated privileges. Because no authentication is required, any exposed 9front node is at risk.

Generated by OpenCVE AI on May 22, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest 9front release that contains the packet validation fix, or manually apply the patch from the vendor commit URLs provided.
  • Configure firewall rules on the 9front host to drop or reject any packets whose total length is less than the corresponding protocol header, thereby preventing malformed traffic from reaching the kernel.
  • Set up automated monitoring of kernel crash logs and alerts to detect and respond to kernel panic events promptly.

Advisories

No advisories yet.

History

Fri, 22 May 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Fri, 22 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-130
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 05:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Fri, 22 May 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared 9front
9front 9front
Vendors & Products 9front
9front 9front

Fri, 22 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic.
Title Invalid IP packets cause a kernel panic
References
Metrics cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:A/AU:Y/R:A'}


MITRE

Status: PUBLISHED

Assigner: 9front

Published:

Updated: 2026-05-22T17:15:48.984Z

Reserved: 2026-05-19T21:39:27.357Z

Link: CVE-2026-9054

Vulnrichment

Updated: 2026-05-22T16:11:01.487Z

NVD

Status: Received

Published: 2026-05-22T04:16:28.607

Modified: 2026-05-22T04:16:28.607

Link: CVE-2026-9054

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T20:30:06Z

Weaknesses