Linux Kernel Team Device Type Change Vulnerability in Team Port Addition

Vulnerability

A vulnerability exists in the Linux kernel's handling of team devices, specifically in the code path that adds port devices. When a port device that is already up is added to a team device, the operation fails as expected, but only after the team device's header operations have already been modified. As a result, the private data of the device can become corrupted, causing a hang or a bug. The vulnerability has been reproduced with a sequence of commands that creates a team device, adds a GRE device as a port while it is still up, and then pings the team device, which triggers the problem.

Impact

The vulnerability can cause a hang or a bug in the system, because the failed port addition disrupts the expected handling of the team device's network device type.

Reproduction

To reproduce this vulnerability, first create a team device named 'team0'. Then create a GRE device named 'gre0' and set it to the 'up' state. Next, add 'gre0' as a port to 'team0'; this modifies the header operations of 'team0'. Finally, set 'team0' to 'up' and attempt to ping it, which results in a hang or bug due to the corrupted device type handling.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for updating the kernel can be found in the official Linux documentation.
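
Until the kernel is updated, the failing port-add path described above can be avoided by making sure a device is down before it is added to a team. The shell sketch below is an added example, not part of the original advisory or of the kernel project; the function names and the sample `ip -o link show` lines are constructed for illustration, and it assumes iproute2's `ip` command is installed.

```shell
#!/bin/sh
# Added example, not from the advisory. Workaround sketch for unpatched
# kernels: never hand the team driver a port that is administratively UP.

# Constructed sample of `ip -o link show` output (link-layer tail omitted).
SAMPLE='4: team0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT
5: gre0@NONE: <NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN mode DEFAULT
6: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT
7: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master team1 state UP'

# link_is_up LINE: 0 if the <FLAGS> field contains UP (IFF_UP), 1 if not,
# 2 if the line has no flags field. LOWER_UP alone does not count.
link_is_up() {
    flags=${1#*<}
    [ "$flags" != "$1" ] || return 2
    flags=${flags%%>*}
    case ",$flags," in
        *,UP,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# up_candidates: read `ip -o link show` lines on stdin; print each device
# that is UP and has no master, i.e. must be set down before enslaving.
up_candidates() {
    while read -r _idx name rest; do
        case " $rest " in *" master "*) continue ;; esac
        if link_is_up "$rest"; then
            name=${name%:}
            echo "${name%%@*}"
        fi
    done
}

# safe_port_add TEAM PORT: enslave PORT only when it is down. The check and
# the add are not atomic, so this reduces accidental triggers only.
safe_port_add() {
    team=$1
    port=$2
    line=$(ip -o link show dev "$port") || return 2
    if link_is_up "$line"; then
        echo "refusing: $port is UP; set it down before adding to $team" >&2
        return 1
    fi
    ip link set dev "$port" master "$team"
}
```

Running `ip -o link show | up_candidates` lists the devices that would need to be set down first; the guard is a stopgap and does not replace the kernel update.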

Added: Dec 23, 2025, 2:23 PM
Updated: Dec 23, 2025, 3:04 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.