Linux Kernel PFCP Device and UDP Socket Netns Mismatch Vulnerability

A vulnerability exists in the Linux kernel's handling of PFCP devices and UDP sockets across different network namespaces. When a PFCP device is created in one namespace, the associated UDP socket is linked to a different namespace. This mismatch can lead to a reference tracking error when the first namespace is deleted, causing a kernel warning and potential instability. The issue arises because the PFCP device remains active in the network namespace of the device, even after the associated namespace is removed, leading to a dangling reference when the netns cleanup process is executed.

Impact

The vulnerability can cause a kernel warning and a reference tracking error, indicating a misuse of network namespace references. This could potentially lead to a denial of service by causing kernel panics or other instability.

Reproduction

To reproduce this vulnerability, create two network namespaces (ns1 and ns2). In ns1, create a PFCP device (pfcp0) that is linked to a UDP socket. Then, delete ns1 while the PFCP device is still active in ns2. This sequence will trigger a reference tracking error as the system attempts to clean up the deleted namespace.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.