Linux Kernel Taprio Qdisc Cycle Time Validation Vulnerability

A vulnerability in the Linux kernel's Taprio scheduling feature allows for a zero division error, leading to a potential denial-of-service condition. This issue arises because the Taprio cycle time attribute can be set to an invalid value that, when processed, causes a division by zero. The vulnerability is present in the Taprio queuing discipline (Qdisc) implementation, specifically in how the cycle time is handled and validated.

Impact

Exploitation of this vulnerability causes a division by zero error, which can lead to a denial-of-service condition by causing a kernel panic or similar disruption.

Reproduction

The vulnerability can be reproduced by adding a Taprio Qdisc with an invalid cycle time value that exceeds the maximum allowed limit. This can be done using the 'tc' command to create a Taprio schedule entry that includes a cycle time greater than 4,294,967,296 nanoseconds, which is then cast to a signed 32-bit integer and interpreted as zero. The invalid cycle time triggers the zero division error when the system attempts to calculate the transmission time for packets.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux documentation.