Linux Kernel FOU Attribute IP Protocol Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of the Foo-over-UDP (FOU) protocol has been addressed. The FOU attribute for the IP protocol (FOU_ATTR_IPPROTO) could be set to 0, and with that value the FOU UDP receive function neither freed the socket buffer (skb) nor resubmitted it for processing, creating a potential resource management issue. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability could lead to improper handling of network packets, potentially causing resource leaks by not freeing socket buffers as required.

Reproduction

The vulnerability could be reproduced by setting the FOU_ATTR_IPPROTO attribute to 0 when configuring Foo-over-UDP. This would cause the FOU UDP receive function to skip both freeing the associated socket buffer and resubmitting it for processing, leading to a resource management problem.
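
The following user-space model is an added example, not kernel code and not part of the original advisory. It shows why a protocol value of 0 leaves buffers unreleased and how rejecting 0 at configuration time prevents it. All function names and the pool size are hypothetical. The model assumes that the receive handler requests resubmission by returning the negated protocol number, that a return of 0 means the buffer was consumed, and that the fix takes the form of refusing 0.

```c
#include <errno.h>
#include <stdio.h>

/* User-space model only; every name here is hypothetical, not kernel code. */
#define POOL 8                       /* constructed: tiny receive-buffer pool */
static int held, alloc_failures;     /* buffers outstanding / failed allocs  */
static int buf_alloc(void)           /* 1 on success, 0 when pool exhausted */
{
    if (held == POOL) { alloc_failures++; return 0; }
    held++;
    return 1;
}

/* Hardened configuration path: refuse protocol 0 before a tunnel exists. */
int fou_model_validate(unsigned char ipproto, int hardened)
{
    return (hardened && ipproto == 0) ? -EINVAL : 0;
}

/* Receive handler (assumed convention): return the negated inner protocol so
 * the caller resubmits the packet; 0 would mean "I consumed the buffer". */
static int fou_model_recv(unsigned char ipproto) { return -(int)ipproto; }

/* Caller: resubmits on ret < 0 (the inner handler then releases the buffer);
 * on ret == 0 it assumes the handler took ownership and releases nothing. */
static void deliver(unsigned char ipproto)
{
    if (fou_model_recv(ipproto) < 0)
        held--;
}

/* Feed n packets through the model; returns buffers still held afterwards. */
int fou_model_run(unsigned char ipproto, int hardened, int n)
{
    held = alloc_failures = 0;
    if (fou_model_validate(ipproto, hardened) != 0)
        return 0;                    /* configuration rejected, no traffic */
    for (int i = 0; i < n; i++)
        if (buf_alloc())
            deliver(ipproto);
    return held;
}

int main(void)
{
    printf("proto 4: %d held; proto 0: %d held; proto 0 hardened: %d held\n",
           fou_model_run(4, 0, 100), fou_model_run(0, 0, 100), fou_model_run(0, 1, 100));
    return 0;
}
```

In the model, protocol 0 fills the pool after eight packets and every later allocation fails, while the hardened path rejects the configuration before any packet is received.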

Remediation

Users should update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux kernel documentation.

Added: Feb 4, 2026, 5:53 PM
Updated: Feb 4, 2026, 5:53 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.8
remediation: 7.7
relevance: 2.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.