Linux Kernel VLAN Protocol Handling Vulnerability

A vulnerability in the Linux kernel's handling of VLAN protocols can lead to a kernel panic. This issue arises because certain functions expected the VLAN protocol to be correctly parsed and the MAC header to be available, but this was not always the case. The vulnerability was discovered by syzbot, which identified a problem in the Generic Segmentation Offload (GSO) processing of VLAN tagged packets. The issue has been addressed by introducing a new helper function, 'vlan_get_protocol_and_depth()', which ensures that the VLAN protocol is correctly parsed and the MAC header is properly handled. This vulnerability affects several versions of the Linux kernel, including 6.1.24-syzkaller.

Impact

Exploitation of this vulnerability leads to a kernel panic, causing a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by sending a VLAN tagged packet through a network interface that uses Generic Segmentation Offload (GSO). The packet will not be correctly processed, leading to a crash when the GSO segment function tries to access the MAC header, which is missing.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading can be found in the official Linux kernel documentation.