Linux Kernel ip6 GRE Header Processing Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's IPv6 GRE (Generic Routing Encapsulation) handling. It affects versions prior to the latest patch and is related to the way certain network drivers dynamically manage header lengths. The vulnerability was exposed when the Multicast Listener Discovery (MLD) protocol attempted to send a packet that did not have sufficient header space. With that undersized allocation in place, an ip6 GRE device could be attached, leading to a kernel crash.

Impact

Exploitation of this vulnerability causes a kernel crash, disrupting system operations and potentially leading to a state where the system must be manually rebooted to restore functionality.

Reproduction

The vulnerability can be reproduced by using a team or bonding network driver that dynamically adjusts its header requirements. When the MLD protocol sends a packet, the driver can attach an ip6 GRE device without the necessary header space, causing a crash.
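
The failure mode described in the Vulnerability and Reproduction sections can be illustrated with a small user-space model. This is an added example, not kernel code and not the upstream fix; `struct pkt`, `pkt_alloc`, `pkt_headroom`, `pkt_push_checked` and the byte counts are hypothetical. It shows why header space reserved at allocation time has to be re-checked when the header is actually pushed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical user-space model of a packet buffer; not kernel code. */
struct pkt {
    unsigned char *head;   /* start of the allocation */
    unsigned char *data;   /* start of the packet contents */
    size_t len;            /* bytes of packet contents */
};

/* Allocate a packet with `reserve` bytes of header space in front. */
static struct pkt *pkt_alloc(size_t reserve, size_t payload)
{
    struct pkt *p = malloc(sizeof(*p));
    if (!p) return NULL;
    p->head = calloc(1, reserve + payload);
    if (!p->head) { free(p); return NULL; }
    p->data = p->head + reserve;
    p->len = payload;
    return p;
}
static size_t pkt_headroom(const struct pkt *p) { return (size_t)(p->data - p->head); }

/* Push a header of `need` bytes. Headroom is re-checked at push time because
 * the device's header requirement may have grown since pkt_alloc(). */
static int pkt_push_checked(struct pkt *p, size_t need)
{
    if (pkt_headroom(p) < need) {        /* stale reserve: grow, do not underflow */
        unsigned char *n = calloc(1, need + p->len);
        if (!n) return -1;
        memcpy(n + need, p->data, p->len);
        free(p->head);
        p->head = n; p->data = n + need;
    }
    p->data -= need;   /* an unchecked push runs only these two lines and */
    p->len += need;    /* moves data to before head when headroom < need  */
    return 0;
}

/* Constructed scenario: 14 bytes reserved, then a 48-byte header is needed. */
static int demo(void)
{
    struct pkt *p = pkt_alloc(14, 64);
    if (!p) return 0;
    p->data[0] = 0xAB;                   /* marker byte at start of payload */
    int ok = pkt_push_checked(p, 48) == 0 && p->data == p->head
             && p->len == 112 && p->data[48] == 0xAB;
    free(p->head); free(p);
    return ok;
}
int main(void) { return demo() ? 0 : 1; }
```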

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Jan 13, 2026, 4:35 PM
Updated: Jan 13, 2026, 4:35 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.