Linux Kernel GTP Device and UDP Socket Net Namespace Handling Vulnerability

A vulnerability exists in the Linux kernel's GTP (GPRS Tunneling Protocol) implementation, specifically in how it manages network namespaces for devices and associated UDP sockets. The issue arises because the GTP device is linked to the wrong network namespace, causing it to remain active even after the correct namespace has been removed. This mismanagement can lead to a reference tracking error when the namespace is deleted, as the device is not properly cleaned up.

Impact

Exploitation of this vulnerability can cause a reference counting error, leading to a kernel panic. The GTP device remains active in the wrong network namespace, causing improper resource management and potential system instability.

Reproduction

To reproduce this vulnerability, create two network namespaces (ns1 and ns2). In ns1, establish a GTP device linked to ns2. When ns1 is deleted, the GTP device remains active in ns2, leading to a reference tracking error. This error occurs because the device is not properly associated with the namespace of the UDP socket, causing resource management issues when the namespace is removed.