Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's erspan implementation, specifically in versions prior to 6.3.0. The issue arises from an incorrect assumption that the MAC header of a socket buffer (skb) aligns with its data. This misalignment can lead to errors in the 'ndo_start_xmit' function of network drivers. The vulnerability was reported by syzbot, highlighting a warning generated during the execution of the 'ip6erspan_tunnel_xmit' function, which is part of the IPv6 GRE (Generic Routing Encapsulation) handling.
Exploitation of this vulnerability could disrupt the normal transmission of packets using the erspan protocol over IPv6, potentially leading to incorrect packet processing or delivery.
The vulnerability can be reproduced by sending packets through an IPv6 erspan tunnel. This can be done using a network application that transmits data over an erspan-enabled interface, which will trigger the 'ip6erspan_tunnel_xmit' function. The misuse of 'skb_mac_header' will generate a warning, indicating the presence of the vulnerability.
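The assumption described above, shown in a simplified userspace C model (an added example, not kernel code and not taken from the advisory). The struct, the two nhoff_* helper names and the sample offsets are constructed for illustration; the unset sentinel and the data-relative calculation follow how the kernel's skb_mac_header_was_set() and skb_network_offset() helpers behave.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of the sk_buff offsets involved (assumption: only the
 * fields needed here; all offsets are counted from the buffer head). */
struct skb_model {
    size_t   data_off;       /* skb->data - skb->head */
    uint16_t mac_header;     /* MAC header offset, or MAC_UNSET */
    uint16_t network_header; /* network header offset */
};

#define MAC_UNSET ((uint16_t)~0U) /* sentinel for "never set" */

static bool mac_header_was_set(const struct skb_model *skb)
{
    return skb->mac_header != MAC_UNSET;
}

/* Assumed pattern: measure the network header from the MAC header.
 * Only correct when mac_header happens to equal data_off. */
static long nhoff_from_mac(const struct skb_model *skb)
{
    return (long)skb->network_header - (long)skb->mac_header;
}

/* Measure from skb->data, which is what a transmit path actually sends. */
static long nhoff_from_data(const struct skb_model *skb)
{
    return (long)skb->network_header - (long)skb->data_off;
}

/* Constructed sample buffers: data starts at 64, IP header at 78. */
static const struct skb_model aligned = { 64, 64, 78 };        /* mac == data */
static const struct skb_model shifted = { 64, 50, 78 };        /* mac != data */
static const struct skb_model unset   = { 64, MAC_UNSET, 78 }; /* mac never set */

int main(void)
{
    const struct skb_model *cases[] = { &aligned, &shifted, &unset };
    for (size_t i = 0; i < 3; i++)
        printf("mac_set=%d from_mac=%ld from_data=%ld\n",
               mac_header_was_set(cases[i]),
               nhoff_from_mac(cases[i]), nhoff_from_data(cases[i]));
    return 0;
}
```

Only the first buffer gives the same offset both ways; the other two show why a transmit path cannot rely on the MAC header coinciding with the start of data.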