Linux Kernel BPF GSO Type Validation Vulnerability

A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) implementation has been addressed. This issue allowed the BPF test infrastructure to generate packets with invalid Generic Segmentation Offload (GSO) types, which were then sent through the loopback device. The malformed GSO properties triggered a warning that GSO-related features were disabled, potentially disrupting normal packet processing. The vulnerability arose because the function converting BPF's internal representation of packets to the standard format did not properly set the GSO type, leading to inconsistencies that could be exploited. The issue has been fixed by adding a check to prevent BPF from emitting packets with unset GSO types, ensuring that only valid GSO information is processed.

Impact

Exploitation of this vulnerability could lead to improper handling of network packets, causing GSO features to be incorrectly disabled. This could disrupt performance optimizations related to packet segmentation and transmission, potentially leading to degraded network performance or increased CPU usage.

Reproduction

The vulnerability can be reproduced by using a fuzzer tool that targets the BPF test infrastructure. This tool can be configured to send packets through the BPF program with invalid GSO types, which will then be redirected to the loopback device. The resulting offload warning will indicate that the vulnerability has been successfully triggered.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel's official website.