Linux Kernel macvlan Component Minimum MTU Enforcement Vulnerability

Vulnerability

A vulnerability exists in the macvlan component of the Linux kernel, where the minimum allowed Maximum Transmission Unit (MTU) is not properly enforced. This issue can lead to crashes in the IPv6 stack when the link is activated. The vulnerability allows the creation of a macvlan link with an MTU lower than the required minimum, bypassing current restrictions. The problem has been addressed by ensuring that macvlan enforces a consistent minimum MTU of 68, even during link creation.

Impact

The vulnerability could cause instability in the IPv6 networking stack, potentially leading to crashes or disruptions in network communication.

Reproduction

To reproduce this vulnerability, create a macvlan link with an MTU of 8, which should fail due to the minimum MTU requirement. However, the link can be successfully created with an MTU of 67, despite being below the minimum threshold. This behavior can be exploited by first creating the link with an insufficient MTU, then changing the MTU to a value that violates the minimum requirement, effectively bypassing the intended restrictions.

Remediation

The vulnerability has been fixed in the Linux kernel by enforcing a minimum MTU of 68 for macvlan links. Users should upgrade to the latest version of the Linux kernel where this patch is applied.
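A host-side check for the condition described above, as an added example that is not part of the original advisory or the kernel patch. It assumes `iproute2` one-line output (`ip -o link show type macvlan`); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list macvlan links whose MTU is below the enforced minimum.
MIN_MTU=68   # minimum MTU stated in the advisory

# Reads `ip -o link show` style lines on stdin and prints "name mtu"
# for every interface whose MTU is below MIN_MTU.
low_mtu_links() {
    awk -v min="$MIN_MTU" '
    {
        name = $2
        sub(/:$/, "", name)      # "macvlan1@eno1:" -> "macvlan1@eno1"
        sub(/@.*/, "", name)     # drop the "@parent" suffix
        for (i = 3; i < NF; i++) {
            if ($i == "mtu") {
                if ($(i + 1) + 0 < min + 0) print name, $(i + 1)
                break
            }
        }
    }'
}

# Constructed sample input (not captured from a real host).
sample_links() {
cat <<'EOF'
7: macvlan1@eno1: <BROADCAST,MULTICAST> mtu 8 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/ether 5e:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
8: macvlan2@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\    link/ether 5e:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
9: macvlan3@eno1: <BROADCAST,MULTICAST> mtu 67 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/ether 5e:00:00:00:00:03 brd ff:ff:ff:ff:ff:ff
10: macvlan4@eno1: <BROADCAST,MULTICAST> mtu 68 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/ether 5e:00:00:00:00:04 brd ff:ff:ff:ff:ff:ff
EOF
}

# On a live host, audit the real macvlan links instead of the sample.
audit_host() {
    ip -o link show type macvlan | low_mtu_links
}

# Demonstration on the constructed sample.
sample_links | low_mtu_links
```

Any interface reported by `audit_host` was created below the minimum and should have its MTU raised to at least 68 before the link is brought up, in addition to upgrading the kernel.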

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.