Linux Kernel GUE Packet Processing Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's handling of Generic UDP Encapsulation (GUE) packets with an inner IP protocol of 0. This issue arises because the GUE reception function, 'gue_udp_recv()', incorrectly processes protocol 0, which is valid for IPv6 Hop-by-Hop Options. The vulnerability leads to unreferenced objects remaining in memory, causing a leak. The issue was reported by syzbot, which generated a GUE packet with protocol 0, revealing the flaw in memory management.

Impact

Exploitation of this vulnerability causes a memory leak by leaving unreferenced objects in memory, which can lead to increased memory usage and potential exhaustion of system resources.

Reproduction

The vulnerability can be reproduced by sending a GUE packet with the inner protocol set to 0. This can be done using a tool like 'syzkaller', which is designed to fuzz test the Linux kernel. The 'gue_udp_recv()' function will return an error for protocol 0, but the packet will still be processed, leading to a memory leak.
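For detection on hosts that cannot be patched immediately, the condition described above can be checked on captured UDP payloads. The C function below is an added example, not code from the kernel or from this advisory; it assumes the capture is already filtered to the UDP port the host's GUE tunnel listens on, and the names gue_classify, gue_verdict and samples are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Verdicts for gue_classify(); names are hypothetical, chosen for this example. */
enum gue_verdict {
    GUE_TRUNCATED  = -1, /* payload shorter than the header claims */
    GUE_OTHER      = 0,  /* not a version-0 data message, or inner protocol != 0 */
    GUE_PROTO_ZERO = 1   /* version-0 data message with inner IP protocol 0 */
};

/*
 * Classify the UDP payload of a packet addressed to a GUE port.
 * Version-0 header, same layout as the kernel's struct guehdr:
 *   byte 0    : version (2 bits) | control (1 bit) | hlen (5 bits, counted in
 *               32-bit words of optional fields after the 4-byte base header)
 *   byte 1    : proto/ctype (inner IP protocol number when control == 0)
 *   bytes 2-3 : flags
 */
enum gue_verdict gue_classify(const uint8_t *payload, size_t len)
{
    if (len < 4)
        return GUE_TRUNCATED;
    uint8_t version = payload[0] >> 6;
    uint8_t control = (payload[0] >> 5) & 0x1;
    size_t optlen = (size_t)(payload[0] & 0x1f) * 4;
    if (version != 0)      /* version 1 carries a bare IP header instead */
        return GUE_OTHER;
    if (len < 4 + optlen)
        return GUE_TRUNCATED;
    if (control)           /* byte 1 is a control type, not a protocol */
        return GUE_OTHER;
    return payload[1] == 0 ? GUE_PROTO_ZERO : GUE_OTHER;
}

/* Constructed sample payloads (assumptions for the example, not captured traffic). */
static const uint8_t samples[5][4] = {
    { 0x00, 0x00, 0x00, 0x00 }, /* [0] data message, inner protocol 0 */
    { 0x00, 0x04, 0x00, 0x00 }, /* [1] data message, inner protocol 4 (IPv4) */
    { 0x20, 0x00, 0x00, 0x00 }, /* [2] control message */
    { 0x01, 0x00, 0x00, 0x00 }, /* [3] hlen=1 but optional fields missing */
    { 0x45, 0x00, 0x00, 0x14 }, /* [4] version 1: starts with an IPv4 header */
};

int main(void)
{
    for (size_t i = 0; i < 5; i++)
        printf("sample %zu -> %d\n", i, gue_classify(samples[i], 4));
    return 0;
}
```

A GUE_PROTO_ZERO verdict on traffic to an unpatched host is worth alerting on, since protocol 0 is not an encapsulation that normal GUE tunnels carry.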

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that fixes this issue is '9a56796ad258786d3624eef5aefba394fc9bdded', which is available in the Linux kernel Git repository.

Added: Feb 4, 2026, 5:40 PM
Updated: Feb 4, 2026, 5:40 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 2.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.