Linux Kernel batman-adv Module Interface Removal Panic Vulnerability

A vulnerability in the Linux kernel's batman-adv module can lead to a kernel panic during the removal of a network interface. This issue arises because reference counting does not ensure that a hard interface remains linked to a soft interface until all related work is completed. As a result, the hard interface can be freed prematurely, causing a crash. The problem can be exacerbated by delaying the metric work, which allows for more reliable reproduction of the issue.

Impact

The vulnerability causes a kernel panic, leading to a system crash.

Reproduction

The vulnerability can be reproduced by removing a network interface while the batman-adv module is still processing related work. This can be done by changing the metric work to delayed work, which allows the issue to occur more reliably.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version.