Linux Kernel Aquantia Atlantic Driver Fragment Overflow Vulnerability Leading to Denial-of-Service

A vulnerability in the Linux kernel's Atlantic network driver can cause a kernel panic by allowing packets with more than 17 fragments to be processed. This issue arises when the driver handles large multi-descriptor packets without properly checking the total number of fragments, leading to an out-of-bounds write. The vulnerability has been observed in production environments using Aquantia AQC113 10G network interface cards.

Impact

Exploitation of this vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending large multi-descriptor packets with more than 17 fragments to a system using the affected Atlantic driver on an Aquantia AQC113 10G NIC. The driver will fail to handle the excess fragments properly, causing an out-of-bounds write that leads to a kernel panic.

Remediation

Users can apply the official patch available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel Git repository.