Linux Kernel Net Subsystem Trace Event Transport Header Vulnerability

A vulnerability has been identified in the Linux kernel's handling of net_dev_start_xmit trace events, specifically related to the skb_transport_offset() function. This issue arises in the net subsystem when the transport header is not properly set, which can lead to incorrect packet transmission handling. The vulnerability was reported by syzbot and affects Linux kernel versions through 6.1.30.

Impact

The vulnerability can cause trace events to incorrectly handle the transport header offset, potentially leading to mismanagement of network packets.

Reproduction

The vulnerability can be reproduced by enabling the net_dev_start_xmit trace event in a Linux kernel version prior to 6.1.30. Once the event is active, the issue can be observed when packets are transmitted without a properly set transport header. This can be triggered by certain network conditions or configurations that bypass the normal header setup, such as specific types of traffic or using the Batman-adv networking protocol.

Remediation

Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability.