Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's MACsec implementation can cause lower network devices to become locked when features are synchronized via the ETHTOOL_SFEATURES command. The issue arises because the features of lower devices can fall out of sync with those of upper devices, leading to a deadlock. The fix ensures that the lower device has the correct features after a MACsec link is established, which removes the need to manually sync features between upper and lower devices.
The vulnerability can cause network devices to become unresponsive or locked, disrupting normal network operations.
The vulnerability can be reproduced by using the Syzkaller fuzzer, which sends an ETHTOOL_SFEATURES command that locks the lower device. This creates a situation where the features of the upper and lower devices are out of sync, causing the lower device to become stuck and unresponsive.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.