Linux Kernel NFS Over TLS Control Message Handling Vulnerability

A vulnerability has been identified in the Linux kernel's handling of control messages for NFS over TLS. The issue arises in the 'tls_alert_recv()' function, which incorrectly assumes it can read data from the message iterator's 'kvec'. This misassumption creates a security exploit, as the kTLS implementation divides TLS non-data record payloads between the control message buffer and the message payload buffer. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to improper handling of TLS control messages, such as alerts, potentially allowing for unauthorized manipulation or interpretation of TLS data.

Reproduction

To reproduce this vulnerability, NFS over TLS must be used in a scenario where TLS control messages, particularly alerts, are sent from the server. The 'tls_alert_recv()' function will then fail to correctly process these messages, creating a vulnerability that could be exploited.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.