Linux Kernel virtio_net Device Mismatch Vulnerability in Resource Management Functions

Vulnerability

A vulnerability has been identified in the Linux kernel's virtio_net component, related to improper management of device resources. The issue arises because the initial allocation of the RSS header uses the virtio_device's device reference, while the deallocation in the virtnet_set_queues function uses the net_device's device reference. This mismatch triggers a warning from the device resource management system, indicating a potential issue that could be exploited.

Impact

The vulnerability can lead to a warning being generated by the device resource management system, indicating a mismatch in resource allocation and deallocation. This could potentially be exploited to cause unintended behavior in the virtio_net component.

Reproduction

The vulnerability can be reproduced by adding a virtio device that supports RSS (Receive Side Scaling) to a network interface. When the device is probed, the virtio_net component allocates an RSS header using the virtio_device's device reference. However, when the network interface's queue configuration is updated, the virtio_net component incorrectly frees the RSS header using the net_device's device reference. This discrepancy creates a mismatch that triggers a warning about the improper handling of device resources.

Remediation

The vulnerability has been addressed by modifying the virtio_net component to use the virtio_device's device reference consistently for both allocation and deallocation of the RSS header. Users should upgrade to the latest version of the Linux kernel where this fix has been applied.
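
The mismatch and the fix described above, as an added illustration that is not code from the kernel or from this advisory: a simplified user-space C model of per-device managed allocations. A free issued against a device that does not own the allocation fails the lookup, which is the condition that produces the warning, and the allocation stays owned by the original device. The names managed_alloc, managed_free and demo, and the 64-byte size, are assumptions made for the example.

```c
#include <stdlib.h>
#include <stddef.h>

/* Simplified user-space model of per-device managed allocations.
 * Hypothetical names throughout; this is not kernel code. */
struct res { struct res *next; void *data; };
struct device { struct res *head; };

/* Allocate zeroed memory and record it on dev's resource list. */
static void *managed_alloc(struct device *dev, size_t size)
{
    struct res *r = malloc(sizeof(*r));
    if (!r) return NULL;
    r->data = calloc(1, size);
    if (!r->data) { free(r); return NULL; }
    r->next = dev->head;
    dev->head = r;
    return r->data;
}

/* Free p only if it is recorded on dev's list. Returns 0 on success,
 * -1 when p is not owned by dev (the mismatch that draws a warning). */
static int managed_free(struct device *dev, void *p)
{
    for (struct res **pp = &dev->head; *pp; pp = &(*pp)->next) {
        if ((*pp)->data == p) {
            struct res *r = *pp;
            *pp = r->next;
            free(r->data);
            free(r);
            return 0;
        }
    }
    return -1;
}

/* Advisory scenario: allocate on the virtio device, attempt the free on
 * the net device (mismatch), then free on the owning device (the fix). */
static int demo(int *mismatch_rc, int *still_owned)
{
    struct device vdev = { NULL }, ndev = { NULL };
    void *rss_hdr = managed_alloc(&vdev, 64);    /* constructed size */
    if (!rss_hdr) return -1;
    *mismatch_rc = managed_free(&ndev, rss_hdr); /* wrong owner: -1 */
    *still_owned = (vdev.head != NULL);          /* not released: 1 */
    return managed_free(&vdev, rss_hdr);         /* right owner: 0 */
}
```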

Added: Feb 4, 2026, 4:20 PM
Updated: Feb 4, 2026, 4:38 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.4
remediation: 7.7
relevance: 2.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.