Linux Kernel ERSPAN Transport Header Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ERSPAN (Encapsulated Remote Switched Port Analyzer) implementation has been addressed. The issue arose because the code assumed that the transport header was always present, which led to a warning during execution. This vulnerability was reported by syzbot and is related to the IP6 ERSPAN tunnel transmission function.
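The defensive pattern behind this class of bug, as an added example that is not the kernel's code or the actual patch: a user-space model in which the transport offset holds a sentinel until some layer records it, the role the kernel's skb_transport_header_was_set() helper plays. The struct, function names, sample packets and the fallback to the end of a fixed 40-byte IPv6 header are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model, NOT kernel code. All names are hypothetical.
 * Offsets are counted from the start of the frame. */
#define HDR_UNSET    ((uint16_t)~0U) /* sentinel: offset never recorded */
#define IPV6_HDR_LEN 40              /* fixed IPv6 header size */

struct pkt {
    uint16_t network_off;   /* start of the IPv6 header */
    uint16_t transport_off; /* HDR_UNSET until some layer records it */
    uint16_t len;           /* total frame length */
};

/* Constructed samples: 14-byte Ethernet header, then IPv6. */
static const struct pkt pkt_set       = { 14, 54, 74 };
static const struct pkt pkt_unset     = { 14, HDR_UNSET, 74 };
static const struct pkt pkt_truncated = { 14, HDR_UNSET, 30 };

static int transport_was_set(const struct pkt *p)
{
    return p->transport_off != HDR_UNSET;
}

/* Flawed pattern: trusts the field, so the sentinel is used as an offset. */
static int thoff_unchecked(const struct pkt *p)
{
    return p->transport_off;
}

/* Guarded pattern: test the sentinel, fall back to the end of the fixed
 * IPv6 header (assumption: no extension headers), then bounds-check. */
static int thoff_checked(const struct pkt *p)
{
    int thoff = transport_was_set(p) ? p->transport_off
                                     : p->network_off + IPV6_HDR_LEN;
    return thoff <= p->len ? thoff : -1; /* -1: caller should drop */
}

int main(void)
{
    printf("set:       unchecked=%d checked=%d\n",
           thoff_unchecked(&pkt_set), thoff_checked(&pkt_set));
    printf("unset:     unchecked=%d checked=%d\n",
           thoff_unchecked(&pkt_unset), thoff_checked(&pkt_unset));
    printf("truncated: checked=%d\n", thoff_checked(&pkt_truncated));
    return 0;
}
```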

Impact

Exploitation of this vulnerability could lead to improper handling of network packets, potentially causing a denial-of-service condition by disrupting normal packet transmission processes.

Reproduction

The vulnerability can be reproduced by using a Linux kernel version that includes the affected ERSPAN implementation. When the IP6 ERSPAN tunnel transmission function is called without a transport header, it triggers a warning, indicating that the assumption of the header's presence was incorrect. This scenario can be created by manipulating network packet headers in a way that omits the transport layer information, then sending the packets through a network interface that uses the ERSPAN tunneling feature.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.