Linux Kernel AM65 CPSW NUSS SKB Size Vulnerability

A vulnerability in the Linux kernel's AM65 CPSW NUSS Ethernet driver has been addressed. The issue arose because, during the transition from the netdev_alloc_ip_align() function to build_skb(), the memory required for the 'skb_shared_info' component of the socket buffer (skb) was not properly allocated. This oversight has been corrected by allocating a length of 'PAGE_SIZE' for the skb, which now accounts for the packet length as well as the necessary headroom and tailroom, ensuring that adequate memory for skb_shared_info is available.

Impact

The vulnerability could lead to improper handling of socket buffers, potentially causing memory management issues or affecting the performance of the network driver.

Reproduction

The vulnerability can be reproduced by using the AM65 CPSW NUSS Ethernet driver in the Linux kernel. The issue occurs when the driver processes incoming packets, as the driver fails to allocate the correct amount of memory for the socket buffer, particularly for the shared information that is crucial for managing the buffer's lifecycle and metadata.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue can be found in the Linux kernel stable tree.