Linux Kernel VXLAN Unlocked Deletion of Default FDB Entry Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's VXLAN implementation, specifically in 'vnifilter' mode. When a Virtual Network Identifier (VNI) is removed from a VXLAN device, the Forwarding Database (FDB) entry for that VNI's default remote is deleted without the synchronization the FDB code expects, which can leave the FDB in an inconsistent state. The missing lock is detected by a lockdep annotation, which emits a warning indicating that the expected locking protocol was violated.

Impact

Triggering this vulnerability causes the lockdep annotation to emit a warning that the locking protocol was violated. Because the FDB entry is deleted without the hash lock, the deletion can race with concurrent FDB access, which could potentially be exploited to cause a use-after-free condition and memory corruption.

Reproduction

To reproduce this vulnerability, create a VXLAN interface named 'vx0' with 'vnifilter' mode enabled. Add a VNI entry with a specified remote address, then delete that VNI entry from the VXLAN interface. The deletion removes the default FDB entry without holding the required hash lock, triggering a lockdep warning.
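The steps above as a regression check a practitioner can run on a test host to see whether the running kernel still logs the warning. This is an added example, not code from the advisory or the kernel tree; it assumes root, an iproute2 with 'bridge vni' support, and a kernel built with CONFIG_PROVE_LOCKING (without lockdep no warning is printed even on an unpatched kernel). The device name vx0 comes from the advisory; the VNI 10010, UDP port 4789 and remote 192.0.2.1 (TEST-NET-1) are constructed values.

```shell
#!/bin/sh
# Replays the advisory's reproduction steps and compares kernel WARNING
# counts before and after, so the result does not depend on the exact
# wording of the lockdep splat.

DEV=vx0          # interface name from the advisory
VNI=10010        # constructed value
REMOTE=192.0.2.1 # constructed value (TEST-NET-1, never routed)

# Count kernel WARNING lines in a log snapshot file ($1); prints 0 if none.
count_warnings() {
    n=$(grep -c 'WARNING:' "$1" 2>/dev/null)
    echo "${n:-0}"
}

# Create the vnifilter device, add a VNI with a default remote, delete it.
# vnifilter requires external (metadata) mode on the VXLAN device.
vxlan_vni_delete_repro() {
    ip link add "$DEV" type vxlan dstport 4789 external vnifilter || return 2
    ip link set "$DEV" up
    bridge vni add dev "$DEV" vni "$VNI" remote "$REMOTE"
    bridge vni del dev "$DEV" vni "$VNI"   # unlocked default FDB deletion
    ip link del "$DEV"
}

# Returns 0 when no new warning appeared, 1 when one was logged,
# 2 when the setup itself failed (not root, no vnifilter support, ...).
check_kernel() {
    before=$(mktemp); after=$(mktemp)
    dmesg > "$before"
    if ! vxlan_vni_delete_repro; then
        rm -f "$before" "$after"
        echo "setup failed: need root, iproute2 with 'bridge vni', vnifilter support"
        return 2
    fi
    dmesg > "$after"
    b=$(count_warnings "$before"); a=$(count_warnings "$after")
    rm -f "$before" "$after"
    if [ "$a" -gt "$b" ]; then
        echo "new kernel WARNING after VNI deletion: kernel appears unpatched"
        return 1
    fi
    echo "no new warning: kernel patched, or lockdep not enabled"
    return 0
}

# Run only when invoked as: sh this_script.sh run
[ "${1:-}" = run ] && check_kernel
```

A result of 0 only proves the fix when CONFIG_PROVE_LOCKING is enabled; on a production kernel without lockdep, check the kernel version against the fixed release instead.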

Remediation

The vulnerability has been fixed by changing the deletion path to acquire the hash lock before removing the FDB entry and to release it afterwards.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.0
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.