Linux Kernel LLC Layer Vulnerability Leading to Host Crash

A vulnerability in the Linux kernel's Logical Link Control (LLC) layer can cause a host crash. This issue arises when devices that do not support the 'IFF_TX_SKB_SHARING' flag handle shared socket buffers. The e1000 network driver, in such cases, can trigger a crash by improperly managing shared data. The vulnerability has been addressed by replacing 'skb_get()' with 'skb_clone()' in the LLC layer's action handling code. However, the e1000 driver may still encounter issues with packet generation tools that do not clear the sharing flag, indicating a need for further review of the driver's compatibility with such tools.

Impact

Exploitation of this vulnerability can lead to a kernel panic, causing a denial of service by crashing the host system.

Reproduction

The vulnerability can be reproduced by using the e1000 network driver with devices that do not support 'IFF_TX_SKB_SHARING'. When the driver processes shared socket buffers, it can inadvertently cause a crash by mishandling the data. This issue may be exacerbated by using packet generation tools that do not properly manage the sharing flag, leading to a kernel panic.

Remediation

Users should update to the latest version of the Linux kernel where this vulnerability has been addressed.