Linux Kernel D-Link Driver NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's D-Link Ethernet driver can lead to a NULL pointer dereference. This issue arises because the driver fails to properly handle memory allocation errors. Specifically, when the function 'netdev_alloc_skb_ip_align()' fails to allocate memory, the driver still attempts to access 'skb->protocol', which can cause a NULL pointer dereference. The vulnerability has been tested on the D-Link DGE-550T Rev-A3 model.

Impact

The vulnerability can be exploited to cause a NULL pointer dereference, leading to a crash of the network device or potentially allowing for arbitrary code execution in the kernel context, depending on the specific circumstances.

Reproduction

The vulnerability can be reproduced by using the D-Link DGE-550T Rev-A3 network card with a version of the Linux kernel that includes the vulnerable driver. When the network card receives a packet that requires a small 'sk_buff' and the 'netdev_alloc_skb_ip_align()' function fails to allocate the buffer, the driver will dereference a NULL 'skb' pointer, causing a crash.
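The failure path described above, modeled in userland C as an added example; it is not the driver's code and not the upstream patch. struct pkt_buf, model_alloc(), alloc_should_fail, rx_dropped and both rx_small_* functions are hypothetical stand-ins. Only the allocator returning NULL and the unchecked protocol write come from this page.

```c
#include <stdlib.h>
#include <string.h>

/* Userland model: all names are hypothetical, not taken from the driver. */
struct pkt_buf { unsigned short protocol; size_t len; unsigned char data[64]; };

static int alloc_should_fail;      /* simulates memory pressure */
static unsigned long rx_dropped;   /* drop counter kept by the hardened path */

/* Stands in for netdev_alloc_skb_ip_align(): returns NULL on failure. */
static struct pkt_buf *model_alloc(size_t len)
{
    if (alloc_should_fail || len > sizeof(((struct pkt_buf *)0)->data))
        return NULL;
    return calloc(1, sizeof(struct pkt_buf));
}

/* Vulnerable shape: the copy is guarded, the protocol write is not. */
struct pkt_buf *rx_small_vulnerable(const unsigned char *frame, size_t len)
{
    struct pkt_buf *skb = model_alloc(len);
    if (skb) {
        memcpy(skb->data, frame, len);
        skb->len = len;
    }
    skb->protocol = (unsigned short)(frame[12] << 8 | frame[13]); /* NULL deref on failure */
    return skb;
}

/* Hardened shape: check the allocation, count the drop, return early. */
struct pkt_buf *rx_small_hardened(const unsigned char *frame, size_t len)
{
    struct pkt_buf *skb;
    if (len < 14 || !(skb = model_alloc(len))) {   /* 14 = Ethernet header length */
        rx_dropped++;
        return NULL;
    }
    memcpy(skb->data, frame, len);
    skb->len = len;
    skb->protocol = (unsigned short)(frame[12] << 8 | frame[13]);
    return skb;
}

int main(void)
{
    unsigned char frame[14] = {[12] = 0x08};   /* constructed frame, EtherType 0x0800 */
    alloc_should_fail = 1;
    return rx_small_hardened(frame, sizeof(frame)) == NULL && rx_dropped == 1 ? 0 : 1;
}
```

Under allocation failure the hardened path drops the frame and increments a counter, which gives operators a signal to monitor instead of a kernel oops.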

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The D-Link DGE-550T Rev-A3 model should be specifically mentioned in the upgrade instructions.

Added: Oct 28, 2025, 12:55 PM
Updated: Oct 28, 2025, 12:55 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.