Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A data-race vulnerability has been identified in the Linux kernel's IPv6 SIT (Simple Internet Transition) tunneling implementation. This issue arises because multiple CPUs can concurrently modify the transmission error statistics of a network device, leading to inconsistent data. The root cause is that SIT tunnels are configured with 'NETIF_F_LLTX', allowing the transmission path to operate without the protection of a spinlock. While the initial report focused on the transmission path, the reception path is affected by the same issue.
The vulnerability can lead to data corruption in the network statistics, specifically in the transmission error counts, which are updated concurrently by multiple CPUs without proper synchronization.
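The lost-update effect described above can be reproduced in user space. The following is an added example, not kernel code and not the upstream fix: threads stand in for CPUs on a lockless transmit path, and `struct dev_stats`, `xmit_error_path`, `run_model` and the counts are hypothetical names and constructed values. It contrasts an unsynchronized load-then-store increment with a single atomic read-modify-write, one standard remedy for this class of race.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define NCPUS 4               /* constructed: number of simulated CPUs */
#define PKTS_PER_CPU 200000L  /* constructed: failed transmits per CPU */

/* Hypothetical stand-in for a device's error counters (not a kernel struct). */
struct dev_stats {
    atomic_long tx_errors_racy;   /* bumped as separate load + store */
    atomic_long tx_errors_atomic; /* bumped as one indivisible operation */
};
static struct dev_stats stats;

static void *xmit_error_path(void *arg)
{
    (void)arg;
    for (long i = 0; i < PKTS_PER_CPU; i++) {
        /* Models a lockless "counter++": another thread may store between
         * this load and this store, and its increment is then overwritten. */
        long v = atomic_load_explicit(&stats.tx_errors_racy, memory_order_relaxed);
        atomic_store_explicit(&stats.tx_errors_racy, v + 1, memory_order_relaxed);
        /* Atomic read-modify-write: no window in which an update can be lost. */
        atomic_fetch_add_explicit(&stats.tx_errors_atomic, 1, memory_order_relaxed);
    }
    return NULL;
}

/* Runs all simulated CPUs once; returns 0 on success, -1 if a thread failed to start. */
static int run_model(long *racy, long *exact)
{
    pthread_t t[NCPUS];
    int started = 0;
    atomic_store(&stats.tx_errors_racy, 0);
    atomic_store(&stats.tx_errors_atomic, 0);
    while (started < NCPUS &&
           pthread_create(&t[started], NULL, xmit_error_path, NULL) == 0)
        started++;
    for (int i = 0; i < started; i++)
        pthread_join(t[i], NULL);
    *racy = atomic_load(&stats.tx_errors_racy);
    *exact = atomic_load(&stats.tx_errors_atomic);
    return started == NCPUS ? 0 : -1;
}

int main(void)
{
    long racy, exact;
    if (run_model(&racy, &exact) != 0) return 1;
    printf("expected %ld, racy %ld, atomic %ld\n", NCPUS * PKTS_PER_CPU, racy, exact);
    return 0;
}
```

Build with `cc -pthread`. On a multi-core machine the racy total usually falls short of the expected count, while the atomic total always matches it.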
Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability. The specific commit that resolves the issue is available in the Linux kernel stable tree.