Linux Kernel RDMA/Irdma Invalid Read Vulnerability in Net Event Handling

A vulnerability has been identified in the Linux kernel's RDMA/Irdma component, specifically within the event handling for network neighbor updates. The issue arises because the event handler, 'irdma_net_event', improperly dereferences a pointer to the neighbor structure before verifying the event type. This can lead to an invalid memory read, particularly when the event is not a neighbor update, potentially causing a stack-out-of-bounds error. While the vulnerability is mostly benign, it activates the Kernel Address Sanitizer (KASAN) on debug kernels, indicating a memory safety issue.

Impact

Exploitation of this vulnerability causes a stack-out-of-bounds memory read, which can lead to undefined behavior or memory corruption.

Reproduction

The vulnerability can be reproduced by triggering the 'irdma_net_event' function with an event that is not 'NETEVENT_NEIGH_UPDATE'. This can be done by simulating a network event that is handled by the RDMA/Irdma driver, ensuring that the event does not correspond to a neighbor update. The improper handling will cause the function to read from an invalid memory location, demonstrating the vulnerability.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the official Linux Git repository. Instructions for downloading the latest stable kernel can be found in the repository's documentation.