Linux Kernel MCTP Interface Filtering Vulnerability

Vulnerability

A vulnerability in the Linux kernel's MCTP (Management Component Transport Protocol) implementation has been addressed. In the 'mctp_dump_addrinfo' function, the 'ifa_index' field was read without being properly initialized, so the interface filter could end up comparing against uninitialized memory, creating potential instability or unexpected behavior. The issue was reproducible in certain scenarios involving 'dhcpd' or 'busybox' commands that display network interface information. The kernel MCTP implementation has always relied on a valid 'ifa_index' for filtering, so userspace programs must ensure they provide a correct index when dumping MCTP addresses.

Impact

The MCTP address dumping process accesses uninitialized memory, which could lead to undefined behavior or information leakage.

Reproduction

The vulnerability can be reproduced by using a userspace program that dumps MCTP addresses without providing a valid 'ifa_index'. This can be done with 'dhcpd' in a way that triggers the 'mctp_dump_addrinfo' function, or by using 'busybox' with the 'ip addr show' command, which also omits the necessary 'ifa_index' value.
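
As an added illustration (not code from the kernel or from this page), the C sketch below builds an RTM_GETADDR dump request for AF_MCTP that always carries an initialized 'struct ifaddrmsg' with 'ifa_index' set, and models a length check that refuses to read 'ifa_index' from a header-only request. The helper names 'build_mctp_addr_dump' and 'filter_ifindex' are hypothetical, the sample buffers are constructed, and the check is a userspace model rather than the kernel's actual patch.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>   /* RTM_GETADDR, struct ifaddrmsg */

#ifndef AF_MCTP
#define AF_MCTP 45             /* value from the kernel's linux/socket.h */
#endif

/* Hypothetical helper: request always carries an initialized ifaddrmsg. */
static size_t build_mctp_addr_dump(void *buf, size_t cap, unsigned int ifindex)
{
    size_t len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
    if (cap < len)
        return 0;
    memset(buf, 0, len);                       /* no stray bytes in the body */
    struct nlmsghdr *nlh = buf;
    nlh->nlmsg_len = (unsigned int)len;
    nlh->nlmsg_type = RTM_GETADDR;
    nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
    struct ifaddrmsg *ifa = NLMSG_DATA(nlh);
    ifa->ifa_family = AF_MCTP;
    ifa->ifa_index = ifindex;
    return len;
}

/* Model of a receiver-side guard: read ifa_index only if it is present. */
static unsigned int filter_ifindex(const struct nlmsghdr *nlh, int *present)
{
    *present = nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(struct ifaddrmsg));
    if (!*present)
        return 0;                              /* header only: nothing to read */
    const struct ifaddrmsg *ifa = NLMSG_DATA(nlh);
    return ifa->ifa_index;
}

int main(void)
{
    union { struct nlmsghdr h; char raw[64]; } u;   /* constructed sample buffer */
    int present;
    size_t n = build_mctp_addr_dump(&u, sizeof u, 2);
    unsigned int idx = filter_ifindex(&u.h, &present);
    printf("full request: %zu bytes, present=%d, ifa_index=%u\n", n, present, idx);
    u.h.nlmsg_len = NLMSG_HDRLEN;                   /* constructed header-only case */
    idx = filter_ifindex(&u.h, &present);
    printf("header only: present=%d, ifa_index=%u\n", present, idx);
    return 0;
}
```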

Added: Jun 18, 2025, 12:39 PM
Updated: Jun 18, 2025, 12:39 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.