Linux Kernel Rx Descriptor Reset Vulnerability in Wangxun Libwx
Vulnerability
A vulnerability exists in the Linux kernel's handling of Rx ring descriptors for Wangxun network devices. When the device is reset due to feature changes, such as disabling Rx VLAN offload, the hardware descriptor ring can retain outdated values. This issue can lead to the creation of malformed socket buffers (SKBs). The vulnerability has been addressed by ensuring that the Rx descriptor ring is properly cleared and reinitialized after a device reset.
Impact
The vulnerability can cause a kernel crash due to an invalid opcode error, triggered by a bug in the network stack's socket buffer management.
Reproduction
The vulnerability can be reproduced by toggling the Rx VLAN offload feature on a Wangxun network device, which triggers a device reset. This reset does not properly clear the Rx descriptor ring, leading to the retention of stale values. When the network stack processes these descriptors, it can cause a kernel crash by attempting to handle malformed SKBs.
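The stale-descriptor condition described above, as a simplified user-space model. This is an added example, not the libwx driver code or the upstream fix. The descriptor layout, the `STAT_DD` bit and all function names are hypothetical, and the model assumes the driver treats a slot as a received frame whenever its done bit is set.

```c
#include <stdint.h>
#include <string.h>

#define RING_SIZE 8
#define STAT_DD   0x1u            /* "descriptor done": hardware filled this slot */

struct rx_desc { uint32_t status; uint16_t length; };   /* hypothetical layout */

struct rx_ring {
    struct rx_desc desc[RING_SIZE];
    unsigned int next_to_clean;   /* next slot the driver polls */
    unsigned int hw_head;         /* next slot the hardware writes */
};

/* Hardware model: complete n frames of len bytes. */
static void hw_receive(struct rx_ring *r, unsigned int n, uint16_t len)
{
    while (n--) {
        r->desc[r->hw_head].status = STAT_DD;
        r->desc[r->hw_head].length = len;
        r->hw_head = (r->hw_head + 1) % RING_SIZE;
    }
}

/* Driver poll: one buffer is built per slot that has DD set. */
static unsigned int rx_poll(struct rx_ring *r, unsigned int budget)
{
    unsigned int done = 0;
    while (done < budget && (r->desc[r->next_to_clean].status & STAT_DD)) {
        r->next_to_clean = (r->next_to_clean + 1) % RING_SIZE;
        done++;
    }
    return done;
}

/* Reset path. clear_ring == 0 models the flaw: indices rewind, contents stay. */
static void ring_reset(struct rx_ring *r, int clear_ring)
{
    if (clear_ring)
        memset(r->desc, 0, sizeof(r->desc));
    r->next_to_clean = 0;
    r->hw_head = 0;
}

/* Frames the driver "receives" after a reset with no new traffic at all. */
static unsigned int frames_after_reset(int clear_ring)
{
    struct rx_ring r;
    memset(&r, 0, sizeof(r));
    hw_receive(&r, 3, 64);        /* constructed traffic before the reset */
    rx_poll(&r, RING_SIZE);
    ring_reset(&r, clear_ring);
    return rx_poll(&r, RING_SIZE);
}
```

Without the clear, the poll after reset reports frames that the hardware never delivered; with the ring zeroed on reset, it reports none.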
Remediation
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.
