Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- >= 6.1.40-syzkaller, < 6.1.40-syzkaller-D81
A vulnerability in the Linux kernel's handling of multicast loopback checks has been identified. The issue arises in the 'sk_mc_loop' function, where the socket's family is read without proper synchronization. This can lead to incorrect multicast loopback behavior, especially with IPv6 addresses. The vulnerability was triggered by syzbot, a kernel fuzzer, which exposed the problem by manipulating IPv6 address forms. The issue has been addressed by modifying the multicast loopback function to read the socket family in a thread-safe manner, ensuring correct behavior in all scenarios.
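The pattern described above, reduced to a user-space C model (an added example, not the kernel's code or the actual patch). The names 'sock_model', 'mc_loop_reread', 'mc_loop_snapshot' and the 'racer' hook are hypothetical; the hook stands in for a concurrent 'IPV6_ADDRFORM' change so that the interleaving is deterministic.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Constructed user-space model; all names are hypothetical, not kernel code. */
enum { FAM_INET = 2, FAM_INET6 = 10, MC_UNKNOWN_FAMILY = -1 };
typedef struct sock_model {
    _Atomic unsigned short family; /* stands in for sk->sk_family */
    int mc_loop4, mc_loop6;        /* per-family multicast-loop settings */
} sock_model;

/* Emulates the concurrent IPV6_ADDRFORM change: AF_INET6 -> AF_INET. */
void addrform_to_inet(sock_model *sk)
{
    atomic_store_explicit(&sk->family, FAM_INET, memory_order_relaxed);
}

unsigned short load_family(sock_model *sk)
{
    return atomic_load_explicit(&sk->family, memory_order_relaxed);
}

/* Before: one load per comparison; the racer hook runs between the loads. */
int mc_loop_reread(sock_model *sk, void (*racer)(sock_model *))
{
    if (load_family(sk) == FAM_INET)
        return sk->mc_loop4;
    if (racer)
        racer(sk);
    if (load_family(sk) == FAM_INET6)
        return sk->mc_loop6;
    return MC_UNKNOWN_FAMILY; /* neither comparison matched */
}

/* After: a single snapshot of the family decides the whole dispatch. */
int mc_loop_snapshot(sock_model *sk, void (*racer)(sock_model *))
{
    unsigned short family = load_family(sk);
    if (racer)
        racer(sk);
    return family == FAM_INET  ? sk->mc_loop4
         : family == FAM_INET6 ? sk->mc_loop6 : MC_UNKNOWN_FAMILY;
}

int main(void)
{
    sock_model a = { .family = FAM_INET6, .mc_loop6 = 1 };
    sock_model b = { .family = FAM_INET6, .mc_loop6 = 1 };
    printf("reread=%d snapshot=%d\n", mc_loop_reread(&a, addrform_to_inet),
           mc_loop_snapshot(&b, addrform_to_inet));
    return 0;
}
```

In this model the re-reading variant ends on the unknown-family result when the family changes between its two loads, while the snapshot variant still returns the IPv6 setting it started with.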
Exploitation of this vulnerability can cause incorrect multicast loopback handling, potentially disrupting network communication for affected sockets.
The vulnerability can be reproduced by using the syzbot fuzzer with the 'IPV6_ADDRFORM' option, which will trigger the unprotected read of the socket family in the 'sk_mc_loop' function. This can be done by compiling the kernel with IPv6 support and using a network interface that is configured to handle IPv6 traffic.
Users can upgrade to the patched version of the Linux kernel available in the official Linux kernel stable repository.