Linux Kernel Bridge Component Soft Lockup Vulnerability via Multicast Query Interval Overflow

A vulnerability in the Linux kernel's bridge component can lead to a soft lockup condition. This issue arises when the multicast query interval is set to a large value, causing a local variable in the multicast query handling function to overflow. If the overflowed time value is smaller than the current jiffies, the timer expires immediately and recursively calls the timer modification function. This creates a loop that can cause the CPU to become unresponsive for an extended period. The vulnerability has been observed in Linux kernel versions through 6.16.0.

Impact

Exploitation of this vulnerability causes a soft lockup, where a CPU becomes unresponsive for an extended period, disrupting normal system operations.

Reproduction

The vulnerability can be reproduced by creating a new bridge interface and enabling its multicast querier. Then, set the multicast query interval to a very high value, which will cause the timer to overflow. After bringing the bridge interface up, the soft lockup can be observed.

Remediation

The vulnerability has been addressed in the Linux kernel by adding a maximum limit to the multicast query interval, preventing it from being set to a value that could cause an overflow. Users should upgrade to a version of the Linux kernel that includes this fix.