Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's netlink implementation can lead to a kernel information leak. The issue arises because the address length of some netdev devices is not six bytes, as typically expected; it can be shorter, such as four bytes. The vulnerability is present in the Linux kernel stable tree and affects several versions. The root cause is that the device address length is hardcoded in Forwarding Database (FDB) dumps, so uninitialized data can be sent to user space, potentially leading to information disclosure.
Exploitation of this vulnerability causes a kernel information leak, where uninitialized memory is inadvertently sent to user space. This type of information leak can be exploited to read sensitive data from memory, which could include passwords, cryptographic keys, or other confidential information.
The vulnerability can be reproduced by using a netdev device that has a device address length of four bytes instead of the standard six. When the device is used in conjunction with netlink to dump FDB information, the hardcoded address length causes uninitialized memory to be sent to user space.
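The root cause described above, shown as an added user-space model that is not the kernel's code: the flawed pattern copies a constant six bytes, the corrected pattern uses the length the device reports. All struct and function names are hypothetical, and the 0xAA filler is a constructed stand-in for uninitialized memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN     6   /* Ethernet address length: the constant that was assumed */
#define MAX_ADDR_LEN 32
/* Hypothetical model of a netdev: only the first addr_len bytes of addr are valid. */
struct model_dev  { uint8_t addr_len; uint8_t addr[MAX_ADDR_LEN]; };
/* Hypothetical model of the address attribute placed in an FDB dump message. */
struct model_attr { size_t len; uint8_t data[MAX_ADDR_LEN]; };

/* Flawed pattern: the length is a constant, whatever the device reports. */
void fill_addr_hardcoded(struct model_attr *out, const struct model_dev *dev)
{
    out->len = ETH_ALEN;
    memcpy(out->data, dev->addr, ETH_ALEN);
}

/* Corrected pattern: the length comes from the device. */
void fill_addr_from_dev(struct model_attr *out, const struct model_dev *dev)
{
    out->len = dev->addr_len;
    memcpy(out->data, dev->addr, dev->addr_len);
}

/* Number of bytes in the attribute that lie beyond the device's real address. */
size_t bytes_beyond_address(const struct model_attr *a, const struct model_dev *dev)
{
    return a->len > dev->addr_len ? a->len - dev->addr_len : 0;
}

/* Constructed sample: a 4-byte address; 0xAA stands in for uninitialized memory. */
struct model_dev make_four_byte_dev(void)
{
    struct model_dev d;
    memset(&d, 0xAA, sizeof(d));
    d.addr_len = 4;
    memcpy(d.addr, "\x0a\x00\x00\x01", 4);
    return d;
}

int main(void)
{
    struct model_dev d = make_four_byte_dev();
    struct model_attr bad, good;
    fill_addr_hardcoded(&bad, &d);
    fill_addr_from_dev(&good, &d);
    printf("extra bytes: hardcoded=%zu from_dev=%zu\n", bytes_beyond_address(&bad, &d), bytes_beyond_address(&good, &d));
}
```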
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version can be found in the Linux kernel documentation.