Security scanner detects "Etherleak" Ethernet frame padding leak CVE-2003-0001

Solution Verified - Updated -


  • Security scanner detects CVE-2003-0001 Ethernet frame padding leak
  • Sensitive information is being leaked into the Ethernet frame padding on RHEL servers.
  • This can be seen by running packet capture of ARP broadcasts.
  • Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.


  • Red Hat Enterprise Linux
  • Network interface using Ethernet

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content