Linux Kernel Netmem Transmission Vulnerability for Unreadable Skbs

Vulnerability

A vulnerability in the Linux kernel's handling of netmem packets has been addressed. The issue arose because unreadable netmem packets received (RX) could be incorrectly forwarded to the transmission (TX) path of the device, potentially leading to unsafe interactions with DMA mapping APIs. This vulnerability was present in stable kernel trees, where netmem support for transmission was lacking. The issue has been resolved by preventing the transmission of unreadable skbs, ensuring that such packets do not enter the device's TX path where they could be mishandled.

Impact

The vulnerability could have allowed unreadable netmem packets to be transmitted, which could disrupt normal device operation, particularly through improper interactions with DMA mapping APIs.

Reproduction

The vulnerability could be reproduced by configuring traffic control (tc) to redirect unreadable netmem packets from the ingress of one network interface to the egress of the same interface. Before the fix, this redirection would cause unreadable skbs to appear in the driver's TX path, where they could be improperly processed by DMA mapping APIs. After applying the fix, unreadable skbs no longer reached the driver's TX path.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.