Linux Kernel IPv6 Route Notification Vulnerability

A vulnerability in the Linux kernel's IPv6 routing handling has been addressed. The issue arose because the 'inet6_rt_notify()' function could be called under RCU protection, leading to concurrent modifications of routing data. This could cause the 'rt6_fill_node()' function to return an error indicating that the message size was too large, which was previously flagged as a warning. The vulnerability has been resolved by adding a retry mechanism that resizes the message buffer when this error occurs, allowing the operation to complete successfully.

Impact

The vulnerability could lead to a denial-of-service condition by causing the kernel to enter an error state while processing routing notifications, potentially disrupting network operations.

Reproduction

The vulnerability can be reproduced by sending netlink messages related to IPv6 routing under certain conditions that trigger the RCU protection. This can be done using tools that simulate such network conditions, like 'syzkaller', which is known to have triggered the issue.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.