Linux Kernel Open vSwitch NSH Field Handling Vulnerability Causes Kernel Crash

Vulnerability

A vulnerability in the Linux kernel's Open vSwitch component related to the handling of Network Service Header (NSH) fields has been identified. The issue arises from the 'set(nsh(...))' action, which has a flawed validation process that leads to a kernel crash. This action's memory layout differs significantly from other NSH handling methods, causing nested attributes to be improperly processed, especially when masks are involved. The validation error triggers a NULL pointer dereference, resulting in a crash. This vulnerability affects Linux kernel versions through 6.17.0-rc4.

Impact

Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference, disrupting system operations and potentially causing a denial of service.

Reproduction

The vulnerability can be reproduced by using the Open vSwitch 'set(nsh(...))' action in a flow configuration. This action will be improperly validated, leading to a crash. The issue can be observed by monitoring the system's kernel logs, where the crash will be recorded as a NULL pointer dereference error, indicating the vulnerability has been triggered.
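The kernel-log check described above can be automated for triage. The following is an added example, not code from the advisory or from the kernel project: it splits a kernel log into NULL pointer dereference records and keeps those whose trace contains frames tagged `[openvswitch]`. The sample log is constructed, and its symbol names, module name `placeholder_mod` and addresses are placeholders.

```python
import re

# Constructed sample kernel log (not captured from a real system); symbol
# names, addresses and "placeholder_mod" are placeholders.
SAMPLE_LOG = """\
[  100.000001] BUG: kernel NULL pointer dereference, address: 0000000000000018
[  100.000002] RIP: 0010:placeholder_nsh_sym+0x10/0x40 [openvswitch]
[  100.000003] Call Trace:
[  100.000004]  placeholder_validate_sym+0x20/0x90 [openvswitch]
[  100.000005]  placeholder_core_sym+0x1a0/0x2b0
[  100.000006] ---[ end trace 0000000000000000 ]---
[  200.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  200.000002] RIP: 0010:placeholder_other_sym+0x5/0x30 [placeholder_mod]
[  200.000003] ---[ end trace 0000000000000000 ]---
"""

START = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
END = re.compile(r"---\[ end trace")
# Kernel trace frames look like: symbol+0xoff/0xsize [module]
FRAME = re.compile(r"([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def find_null_derefs(log_text):
    """Split a kernel log into NULL pointer dereference oops records."""
    records, cur = [], None
    for line in log_text.splitlines():
        m = START.search(line)
        if m:
            if cur is not None:  # previous oops had no end marker (log cut off)
                records.append(cur)
            cur = {"address": m.group(1), "rip_module": None, "modules": set()}
            continue
        if cur is None:
            continue
        f = FRAME.search(line)
        if f and f.group(2):
            cur["modules"].add(f.group(2))
            if "RIP:" in line:
                cur["rip_module"] = f.group(2)
        if END.search(line):
            records.append(cur)
            cur = None
    if cur is not None:  # log ended mid-oops, e.g. the host went down
        records.append(cur)
    return records

def openvswitch_oopses(log_text):
    """Keep only records whose trace has a frame in the openvswitch module."""
    return [r for r in find_null_derefs(log_text) if "openvswitch" in r["modules"]]
```

A match only shows that a NULL pointer dereference involved the openvswitch module; confirming it is this issue still requires checking the kernel version and the flow that was being installed.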

Remediation

The vulnerable 'set(nsh(...))' functionality has been removed in the latest Linux kernel updates. Users should upgrade to the patched version to eliminate this vulnerability.

Added: Dec 4, 2025, 4:36 PM
Updated: Dec 4, 2025, 5:39 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.