Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's IPv6 tunneling implementation can lead to unbounded growth of the needed headroom for network devices. Unlike IPv4 tunneling, which has a controlled headroom adjustment, the IPv6 counterpart increases headroom indefinitely. The issue has been addressed by introducing a cap on headroom growth, similar to the limit already in place for IPv4.
The vulnerability could cause excessive and uncontrolled growth of the headroom requirement for IPv6 tunnels, potentially leading to performance issues or resource exhaustion.
The vulnerability can be reproduced by creating an IPv6 tunnel that continuously increases the headroom requirement without any limit. This can be done by sending packets through the tunnel that require additional headroom, such as those with large headers or payloads.
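The difference between uncapped and capped headroom adjustment, as an added user-space model that is not kernel code and not taken from the fix itself. The struct, the function names, the 512-byte cap and the 48-byte encapsulation overhead are assumptions chosen for illustration; the model assumes each transmit requests the device's current headroom plus the tunnel's own overhead.

```c
#include <stdio.h>

/* Simplified stand-in for a network device (hypothetical, user-space only). */
struct model_dev {
    unsigned int needed_headroom;
};

/* Assumed cap for this model; the page states only that a cap was introduced. */
#define MODEL_MAX_HEADROOM 512u

/* "Before": the device headroom is raised to whatever the transmit path asks for. */
static void adj_headroom_uncapped(struct model_dev *dev, unsigned int headroom)
{
    if (headroom > dev->needed_headroom)
        dev->needed_headroom = headroom;
}

/* "After": the request is clamped first, so growth stops at the cap. */
static void adj_headroom_capped(struct model_dev *dev, unsigned int headroom)
{
    if (headroom > MODEL_MAX_HEADROOM)
        headroom = MODEL_MAX_HEADROOM;
    if (headroom > dev->needed_headroom)
        dev->needed_headroom = headroom;
}

/* Replays `packets` transmits and returns the final needed_headroom.
 * Each request is the current headroom plus the encapsulation overhead,
 * which is what makes the uncapped variant grow on every packet. */
static unsigned int simulate(void (*adj)(struct model_dev *, unsigned int),
                             unsigned int encap_overhead, unsigned int packets)
{
    struct model_dev dev = { .needed_headroom = 0 };
    for (unsigned int i = 0; i < packets; i++)
        adj(&dev, dev.needed_headroom + encap_overhead);
    return dev.needed_headroom;
}

int main(void)
{
    /* Constructed input: 48 bytes of overhead per encapsulation, 100 packets. */
    printf("uncapped: %u bytes\n", simulate(adj_headroom_uncapped, 48, 100));
    printf("capped:   %u bytes\n", simulate(adj_headroom_capped, 48, 100));
    return 0;
}
```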
Users can update to the latest version of the Linux kernel where this issue has been fixed. Instructions for downloading the patched version can be found in the Linux kernel documentation.