{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49844", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-01T14:05:17.229Z", "datePublished": "2025-05-01T14:09:58.999Z", "dateUpdated": "2025-10-01T17:00:34.409Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:46:44.354Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: dev: fix skb drop check\n\nIn commit a6d190f8c767 (\"can: skb: drop tx skb if in listen only\nmode\") the priv->ctrlmode element is read even on virtual CAN\ninterfaces that do not create the struct can_priv at startup. This\nout-of-bounds read may lead to CAN frame drops for virtual CAN\ninterfaces like vcan and vxcan.\n\nThis patch mainly reverts the original commit and adds a new helper\nfor CAN interface drivers that provide the required information in\nstruct can_priv.\n\n[mkl: patch pch_can, too]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/can/at91_can.c", "drivers/net/can/c_can/c_can_main.c", "drivers/net/can/can327.c", "drivers/net/can/cc770/cc770.c", "drivers/net/can/ctucanfd/ctucanfd_base.c", "drivers/net/can/dev/skb.c", "drivers/net/can/flexcan/flexcan-core.c", "drivers/net/can/grcan.c", "drivers/net/can/ifi_canfd/ifi_canfd.c", "drivers/net/can/janz-ican3.c", "drivers/net/can/kvaser_pciefd.c", "drivers/net/can/m_can/m_can.c", "drivers/net/can/mscan/mscan.c", "drivers/net/can/pch_can.c", "drivers/net/can/peak_canfd/peak_canfd.c", "drivers/net/can/rcar/rcar_can.c", "drivers/net/can/rcar/rcar_canfd.c", "drivers/net/can/sja1000/sja1000.c", "drivers/net/can/slcan/slcan-core.c", "drivers/net/can/softing/softing_main.c", "drivers/net/can/spi/hi311x.c", "drivers/net/can/spi/mcp251x.c", "drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c", "drivers/net/can/sun4i_can.c", "drivers/net/can/ti_hecc.c", "drivers/net/can/usb/ems_usb.c", "drivers/net/can/usb/esd_usb.c", "drivers/net/can/usb/etas_es58x/es58x_core.c", "drivers/net/can/usb/gs_usb.c", "drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c", "drivers/net/can/usb/mcba_usb.c", "drivers/net/can/usb/peak_usb/pcan_usb_core.c", "drivers/net/can/usb/ucan.c", "drivers/net/can/usb/usb_8dev.c", "drivers/net/can/xilinx_can.c", "include/linux/can/dev.h"], "versions": [{"version": "a6d190f8c7670068d8c154ef8477eca07b5e3574", "lessThan": "386c49fe31ee748e053860b3bac7794a933ac9ac", "status": "affected", "versionType": "git"}, {"version": "a6d190f8c7670068d8c154ef8477eca07b5e3574", "lessThan": "ae64438be1923e3c1102d90fd41db7afcfaf54cc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/can/at91_can.c", "drivers/net/can/c_can/c_can_main.c", "drivers/net/can/can327.c", "drivers/net/can/cc770/cc770.c", "drivers/net/can/ctucanfd/ctucanfd_base.c", "drivers/net/can/dev/skb.c", "drivers/net/can/flexcan/flexcan-core.c", "drivers/net/can/grcan.c", "drivers/net/can/ifi_canfd/ifi_canfd.c", "drivers/net/can/janz-ican3.c", "drivers/net/can/kvaser_pciefd.c", "drivers/net/can/m_can/m_can.c", "drivers/net/can/mscan/mscan.c", "drivers/net/can/pch_can.c", "drivers/net/can/peak_canfd/peak_canfd.c", "drivers/net/can/rcar/rcar_can.c", "drivers/net/can/rcar/rcar_canfd.c", "drivers/net/can/sja1000/sja1000.c", "drivers/net/can/slcan/slcan-core.c", "drivers/net/can/softing/softing_main.c", "drivers/net/can/spi/hi311x.c", "drivers/net/can/spi/mcp251x.c", "drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c", "drivers/net/can/sun4i_can.c", "drivers/net/can/ti_hecc.c", "drivers/net/can/usb/ems_usb.c", "drivers/net/can/usb/esd_usb.c", "drivers/net/can/usb/etas_es58x/es58x_core.c", "drivers/net/can/usb/gs_usb.c", "drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c", "drivers/net/can/usb/mcba_usb.c", "drivers/net/can/usb/peak_usb/pcan_usb_core.c", "drivers/net/can/usb/ucan.c", "drivers/net/can/usb/usb_8dev.c", "drivers/net/can/xilinx_can.c", "include/linux/can/dev.h"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.9", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.0.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/386c49fe31ee748e053860b3bac7794a933ac9ac"}, {"url": "https://git.kernel.org/stable/c/ae64438be1923e3c1102d90fd41db7afcfaf54cc"}], "title": "can: dev: fix skb drop check", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-10-01T17:00:29.049207Z", "id": "CVE-2022-49844", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T17:00:34.409Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-49844", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-01T17:00:29.049207Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T14:34:39.476Z"}}], "cna": {"title": "can: dev: fix skb drop check", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a6d190f8c7670068d8c154ef8477eca07b5e3574", "lessThan": "386c49fe31ee748e053860b3bac7794a933ac9ac", "versionType": "git"}, {"status": "affected", "version": "a6d190f8c7670068d8c154ef8477eca07b5e3574", "lessThan": "ae64438be1923e3c1102d90fd41db7afcfaf54cc", "versionType": "git"}], "programFiles": ["drivers/net/can/at91_can.c", "drivers/net/can/c_can/c_can_main.c", "drivers/net/can/can327.c", "drivers/net/can/cc770/cc770.c", "drivers/net/can/ctucanfd/ctucanfd_base.c", "drivers/net/can/dev/skb.c", "drivers/net/can/flexcan/flexcan-core.c", "drivers/net/can/grcan.c", "drivers/net/can/ifi_canfd/ifi_canfd.c", "drivers/net/can/janz-ican3.c", "drivers/net/can/kvaser_pciefd.c", "drivers/net/can/m_can/m_can.c", "drivers/net/can/mscan/mscan.c", "drivers/net/can/pch_can.c", "drivers/net/can/peak_canfd/peak_canfd.c", "drivers/net/can/rcar/rcar_can.c", "drivers/net/can/rcar/rcar_canfd.c", "drivers/net/can/sja1000/sja1000.c", "drivers/net/can/slcan/slcan-core.c", "drivers/net/can/softing/softing_main.c", "drivers/net/can/spi/hi311x.c", "drivers/net/can/spi/mcp251x.c", "drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c", "drivers/net/can/sun4i_can.c", "drivers/net/can/ti_hecc.c", "drivers/net/can/usb/ems_usb.c", "drivers/net/can/usb/esd_usb.c", "drivers/net/can/usb/etas_es58x/es58x_core.c", "drivers/net/can/usb/gs_usb.c", "drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c", "drivers/net/can/usb/mcba_usb.c", "drivers/net/can/usb/peak_usb/pcan_usb_core.c", "drivers/net/can/usb/ucan.c", "drivers/net/can/usb/usb_8dev.c", "drivers/net/can/xilinx_can.c", "include/linux/can/dev.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.0"}, {"status": "unaffected", "version": "0", "lessThan": "6.0", "versionType": "semver"}, {"status": "unaffected", "version": "6.0.9", "versionType": "semver", "lessThanOrEqual": "6.0.*"}, {"status": "unaffected", "version": "6.1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/can/at91_can.c", "drivers/net/can/c_can/c_can_main.c", "drivers/net/can/can327.c", "drivers/net/can/cc770/cc770.c", "drivers/net/can/ctucanfd/ctucanfd_base.c", "drivers/net/can/dev/skb.c", "drivers/net/can/flexcan/flexcan-core.c", "drivers/net/can/grcan.c", "drivers/net/can/ifi_canfd/ifi_canfd.c", "drivers/net/can/janz-ican3.c", "drivers/net/can/kvaser_pciefd.c", "drivers/net/can/m_can/m_can.c", "drivers/net/can/mscan/mscan.c", "drivers/net/can/pch_can.c", "drivers/net/can/peak_canfd/peak_canfd.c", "drivers/net/can/rcar/rcar_can.c", "drivers/net/can/rcar/rcar_canfd.c", "drivers/net/can/sja1000/sja1000.c", "drivers/net/can/slcan/slcan-core.c", "drivers/net/can/softing/softing_main.c", "drivers/net/can/spi/hi311x.c", "drivers/net/can/spi/mcp251x.c", "drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c", "drivers/net/can/sun4i_can.c", "drivers/net/can/ti_hecc.c", "drivers/net/can/usb/ems_usb.c", "drivers/net/can/usb/esd_usb.c", "drivers/net/can/usb/etas_es58x/es58x_core.c", "drivers/net/can/usb/gs_usb.c", "drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c", "drivers/net/can/usb/mcba_usb.c", "drivers/net/can/usb/peak_usb/pcan_usb_core.c", "drivers/net/can/usb/ucan.c", "drivers/net/can/usb/usb_8dev.c", "drivers/net/can/xilinx_can.c", "include/linux/can/dev.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/386c49fe31ee748e053860b3bac7794a933ac9ac"}, {"url": "https://git.kernel.org/stable/c/ae64438be1923e3c1102d90fd41db7afcfaf54cc"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: dev: fix skb drop check\n\nIn commit a6d190f8c767 (\"can: skb: drop tx skb if in listen only\nmode\") the priv->ctrlmode element is read even on virtual CAN\ninterfaces that do not create the struct can_priv at startup. This\nout-of-bounds read may lead to CAN frame drops for virtual CAN\ninterfaces like vcan and vxcan.\n\nThis patch mainly reverts the original commit and adds a new helper\nfor CAN interface drivers that provide the required information in\nstruct can_priv.\n\n[mkl: patch pch_can, too]"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.0.9", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1", "versionStartIncluding": "6.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:46:44.354Z"}}}, "cveMetadata": {"cveId": "CVE-2022-49844", "state": "PUBLISHED", "dateUpdated": "2025-10-01T17:00:34.409Z", "dateReserved": "2025-05-01T14:05:17.229Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2025-05-01T14:09:58.999Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E56F8-B415-4563-B3CC-33864CBCEA4E", "versionEndExcluding": "6.0.9", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: dev: fix skb drop check\n\nIn commit a6d190f8c767 (\"can: skb: drop tx skb if in listen only\nmode\") the priv->ctrlmode element is read even on virtual CAN\ninterfaces that do not create the struct can_priv at startup. This\nout-of-bounds read may lead to CAN frame drops for virtual CAN\ninterfaces like vcan and vxcan.\n\nThis patch mainly reverts the original commit and adds a new helper\nfor CAN interface drivers that provide the required information in\nstruct can_priv.\n\n[mkl: patch pch_can, too]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: dev: fix skb drop check. En el commit a6d190f8c767 (\"can: skb: drop tx skb if in listen only mode\"), el elemento priv->ctrlmode se lee incluso en interfaces CAN virtuales que no crean la estructura can_priv al inicio. Esta lectura fuera de los l\u00edmites puede provocar la p\u00e9rdida de tramas CAN en interfaces CAN virtuales como vcan y vxcan. Este parche revierte principalmente la confirmaci\u00f3n original y a\u00f1ade un nuevo asistente para los controladores de interfaz CAN que proporciona la informaci\u00f3n necesaria en la estructura can_priv. [mkl: parchear tambi\u00e9n pch_can]"}], "id": "CVE-2022-49844", "lastModified": "2025-10-01T17:15:33.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-01T15:16:07.907", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/386c49fe31ee748e053860b3bac7794a933ac9ac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ae64438be1923e3c1102d90fd41db7afcfaf54cc"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: can: dev: fix skb drop check", "id": "2363469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363469"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncan: dev: fix skb drop check\nIn commit a6d190f8c767 (\"can: skb: drop tx skb if in listen only\nmode\") the priv->ctrlmode element is read even on virtual CAN\ninterfaces that do not create the struct can_priv at startup. This\nout-of-bounds read may lead to CAN frame drops for virtual CAN\ninterfaces like vcan and vxcan.\nThis patch mainly reverts the original commit and adds a new helper\nfor CAN interface drivers that provide the required information in\nstruct can_priv.\n[mkl: patch pch_can, too]"], "name": "CVE-2022-49844", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49844\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49844\nhttps://lore.kernel.org/linux-cve-announce/2025050141-CVE-2022-49844-e0b9@gregkh/T"], "statement": "The patch addresses a flaw in the Marvell octeontx2-pf network driver where the calculation of available SQEs (Send Queue Entries) was incorrect. Instead of checking whether previous entries were fully processed, it relied on SQB hardware counters. This could result in a new SQE being submitted before the corresponding CQE was processed, leading to memory corruption or SKB pointer leaks. May cause memory leaks or data corruption under high load, particularly in NAPI-driven transmission paths.", "threat_severity": "Moderate"}