Linux Kernel VXLAN Race Condition Vulnerability Leading to NULL Pointer Dereference

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's VXLAN implementation. This issue arises when a VXLAN device is deleted while it is actively receiving packets. In such cases, there is a risk that the socket is released before the VXLAN socket information is fully processed. This premature release can lead to a NULL pointer dereference in a subsequent function, causing a crash. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a system crash.

Reproduction

The vulnerability can be reproduced by deleting a VXLAN device while it is receiving packets. This can be done using a script that removes the VXLAN tunnel during traffic, such as the one available in the Mellanox OVS tests repository.

Remediation

The vulnerability has been addressed by modifying the VXLAN socket release process to ensure that all data readers have finished before the socket is released. Users should update to the latest version of the Linux kernel where this fix has been applied.

Added: Sep 18, 2025, 5:40 PM
Updated: Sep 18, 2025, 5:40 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.