Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's IPv6 address label handling has been addressed. The issue involved an uninitialized reserved field in the 'struct ifaddrlblmsg' when it was sent over the network, leading to a one-byte information leak. This vulnerability was detected by the Kernel Memory Sanitizer (KMSAN) as a kernel network information leak.
Exploitation of this vulnerability results in an unintentional information leak from the kernel to user space, specifically through the Netlink interface.
The vulnerability can be reproduced by sending a Netlink message that includes the 'struct ifaddrlblmsg' without the reserved field being properly initialized. This can be done by using the 'ip6addrlbl_get' function in the 'net/ipv6/addrlabel.c' file, which handles address label messages for IPv6. The uninitialized byte in the reserved field can then be observed as an information leak.
Users should upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.
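The bug class described above, as an added userspace example (not kernel code and not the upstream patch): a message header is filled field by field inside recycled memory, once with the reserved byte skipped and once with it initialised. The type msg_t, the STALE pattern and all function names are hypothetical, and the struct layout is an assumed mirror of 'struct ifaddrlblmsg'.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace mirror of struct ifaddrlblmsg; layout assumed, names hypothetical. */
typedef struct {
    uint8_t  ifal_family;
    uint8_t  ifal_reserved;   /* the reserved field */
    uint8_t  ifal_prefixlen;
    uint8_t  ifal_flags;
    uint32_t ifal_index;
    uint32_t ifal_seq;
} msg_t;
#define STALE 0xAA  /* constructed stand-in for leftover memory contents */

/* Before: every named field is assigned, the reserved byte is skipped. */
static void fill_unfixed(msg_t *m, uint8_t plen, uint32_t ifindex, uint32_t seq)
{
    m->ifal_family = 10;      /* AF_INET6 on Linux */
    m->ifal_prefixlen = plen;
    m->ifal_flags = 0;
    m->ifal_index = ifindex;
    m->ifal_seq = seq;
}

/* After: same assignments, plus the reserved byte is initialised. */
static void fill_fixed(msg_t *m, uint8_t plen, uint32_t ifindex, uint32_t seq)
{
    fill_unfixed(m, plen, ifindex, seq);
    m->ifal_reserved = 0;
}

/* Fill a header in recycled memory; count old bytes a raw copy would send. */
static int stale_bytes_sent(void (*fill)(msg_t *, uint8_t, uint32_t, uint32_t))
{
    msg_t m;
    const unsigned char *wire = (const unsigned char *)&m;
    int n = 0;
    memset(&m, STALE, sizeof(m));  /* simulate a reused allocation */
    fill(&m, 64, 2, 7);            /* constructed sample values */
    for (size_t i = 0; i < sizeof(m); i++)
        n += (wire[i] == STALE);
    return n;
}

int main(void)
{
    printf("unfixed: %d stale byte(s), fixed: %d\n",
           stale_bytes_sent(fill_unfixed), stale_bytes_sent(fill_fixed));
    return 0;
}
```

The same byte-pattern check works as a regression test for any fixed-layout message builder: pre-fill the buffer with a sentinel and require that none of it survives serialisation.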