The "do_replace()" function in net/bridge/netfilter/ebtables.c does not properly terminate a string, which can be exploited to disclose system information.
old kernel bug. no GLSA required. Not feasible to track backports of patches