Linux Kernel XFRM Subsystem Zero Padding Vulnerability in User-Space Data Transfer

Vulnerability

A vulnerability exists in the Linux kernel's XFRM subsystem, in the code that copies algorithm and encapsulation template data to user space. The padding in these data structures is not zeroed before the copy, so it may contain random, potentially sensitive information that should never reach user space. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability could result in the leakage of sensitive data from the kernel to user space, potentially exposing confidential information to user-space applications.

Reproduction

The vulnerability can be reproduced by accessing the XFRM subsystem and triggering the data transfer to user space. This can be done by manipulating XFRM states or policies in a way that invokes the affected functions responsible for copying the algorithm and encapsulation data. The issue arises because the original implementation does not sanitize the data before it is sent to user space, so padding bytes that may contain sensitive information are exposed.
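The padding behaviour described above can be seen in a user-space sketch. This is an added example, not kernel code or the upstream fix: `struct demo_tmpl`, its fields and the `STALE` fill byte are hypothetical, and `memcpy` stands in for the copy to user space.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record, not a kernel structure. On common ABIs the compiler
 * adds 3 padding bytes after 'mode' and 2 after 'sport' (sizeof == 12). */
struct demo_tmpl {
    uint8_t  mode;
    uint32_t key_len;
    uint16_t sport;
};

#define FIELD_BYTES 7    /* 1 + 4 + 2 bytes of real data */
#define STALE 0xA5       /* constructed stand-in for leftover memory */

/* Fill the record field by field and copy the whole object out, the way a
 * dump routine hands a struct to user space. */
static void dump_tmpl(unsigned char *out, int zero_first)
{
    struct demo_tmpl t;

    memset(&t, STALE, sizeof(t));    /* simulate a dirty stack slot */
    if (zero_first)
        memset(&t, 0, sizeof(t));    /* hardened path: clear padding first */
    t.mode = 1;
    t.key_len = 32;
    t.sport = 4500;                  /* no field byte equals STALE */
    memcpy(out, &t, sizeof(t));      /* stands in for the copy to user space */
}

/* Number of stale bytes that reach the receiver. */
static size_t stale_bytes_dumped(int zero_first)
{
    unsigned char out[sizeof(struct demo_tmpl)];
    size_t i, n = 0;

    dump_tmpl(out, zero_first);
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("unsanitized: %zu stale bytes\n", stale_bytes_dumped(0));
    printf("zeroed:      %zu stale bytes\n", stale_bytes_dumped(1));
    return 0;
}
```

Assigning every named field is not enough: the bytes between fields keep whatever was in memory before, which is why the whole object is cleared before it is filled.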

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commits that fix this issue are available in the Linux kernel stable tree.

Added: Oct 7, 2025, 4:39 PM
Updated: Oct 7, 2025, 4:39 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.