Linux Kernel IPComp Fallback Tunnel State Management Vulnerability

A vulnerability in the Linux kernel's IPComp (IP Payload Compression Protocol) implementation can lead to improper state management of fallback tunnels. This issue arises because the fallback tunnels are deleted only after the last user state that required them is removed. If a reference to that user state still exists, the fallback state lingers in the hashtables and lists, causing a warning in the state finalization process. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability can cause a warning to be triggered during the finalization of XFRM (IPsec) states, indicating that there are still references to user states that should have been cleared. This can lead to delayed or incomplete cleanup of state information, potentially causing issues in network processing or resource management.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed.