Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's Cortina Ethernet driver affects the TCP Offload Engine (TOE) and TCP Segmentation Offload (TSO) features. The issue arises because the driver does not properly handle non-segmented TCP frames, leading to instability, lockups, and crashes. The problem is likely related to the coupling of TOE and TSO, where one cannot be disabled without affecting the other. The vulnerability can cause hardware to lock up under load, disrupting normal operation.
Exploitation of this vulnerability can cause the Ethernet hardware to lock up, leading to a crash. This disruption can occur within minutes to hours, depending on the load.
The vulnerability can be reproduced by using the Cortina Ethernet driver with the TOE and TSO features enabled. Under load conditions, such as when using iperf3, the hardware will eventually lock up, demonstrating the instability caused by the improper handling of TCP frames.
Users can apply the latest patches available in the Linux kernel to address this vulnerability. Instructions for updating the kernel can be found in the official Linux kernel documentation.