Linux Kernel VLAN ID Validation Vulnerability in net: hns3 Component

A vulnerability exists in the Linux kernel's handling of VLAN IDs within the net: hns3 component. The issue arises because VLAN IDs can be used without proper validation when a VLAN configuration mailbox is received from a virtual function (VF). This lack of validation can lead to out-of-bounds memory access, particularly when the VLAN ID is greater than or equal to the maximum number of VLAN IDs (VLAN_N_VID). To address this, the VLAN ID must be checked to ensure it falls within the valid range before use.

Impact

Exploitation of this vulnerability can lead to out-of-bounds memory access, potentially causing memory corruption or allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a VLAN configuration mailbox from a virtual function to a device using the net: hns3 driver, without a valid VLAN ID. This will trigger the out-of-bounds memory access issue.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.