Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A global out-of-bounds vulnerability has been identified in the Linux kernel bonding driver, specifically related to the BOND_MODE_8023AD feature. This mode is intended for Ethernet devices only. The vulnerability arises when BOND_MODE_8023AD is applied to non-Ethernet devices, leading to a memory access error. The issue was reported by syzbot, which detected a read of size 16 from an invalid memory address, indicating a violation of memory access rules. The problem occurs in the bonding driver when it attempts to enslave a non-Ethernet device under 8023AD mode, causing a kernel memory safety issue.
Triggering this vulnerability results in a global out-of-bounds memory access, which can potentially be exploited to cause a use-after-free condition or to overwrite memory, allowing for arbitrary code execution or escalation of privileges.
To reproduce this vulnerability, create a network device that is not an Ethernet type and configure it to use the bonding driver with BOND_MODE_8023AD. The bonding driver will incorrectly allow this configuration, leading to the out-of-bounds memory access when the system tries to manage the device.
The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version of the stable Linux kernel where this issue has been addressed.
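A defender-side inventory check for the configuration described above, as an added example that is not part of the original advisory or of the kernel's code: it walks sysfs and lists every bond in 802.3ad mode that has a slave whose link type is not Ethernet. It assumes the bonding driver's standard sysfs files (`bonding/mode`, `bonding/slaves`) and the per-interface `type` file, where Ethernet is ARPHRD type 1; the function name `audit_bond_8023ad` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): flag 802.3ad bonds that carry
# non-Ethernet slaves. ARPHRD_ETHER is 1 in <linux/if_arp.h>; sysfs exposes
# each interface's link type as a decimal number in <iface>/type.
ARPHRD_ETHER=1

# audit_bond_8023ad [NET_ROOT]
# Prints "bond slave type" for every offending slave and returns 1 if any
# were found, 0 otherwise. NET_ROOT defaults to the live sysfs tree.
audit_bond_8023ad() {
    root=${1:-/sys/class/net}
    found=0
    for modefile in "$root"/*/bonding/mode; do
        [ -r "$modefile" ] || continue      # glob did not match: no bonds
        bond_dir=${modefile%/bonding/mode}
        bond=${bond_dir##*/}
        # The mode file reads like "802.3ad 4"; the first word is the name.
        read -r mode rest < "$modefile" || continue
        [ "$mode" = "802.3ad" ] || continue
        # Slaves are listed as space-separated interface names.
        read -r slaves < "$bond_dir/bonding/slaves" || slaves=
        for slave in $slaves; do
            read -r type < "$root/$slave/type" || type=unknown
            if [ "$type" != "$ARPHRD_ETHER" ]; then
                printf '%s %s %s\n' "$bond" "$slave" "$type"
                found=1
            fi
        done
    done
    return "$found"
}

# Direct run against the live system; prints nothing on a clean host.
audit_bond_8023ad "${NET_ROOT:-/sys/class/net}" ||
    echo "802.3ad bond(s) with non-Ethernet slaves listed above" >&2
```

A hit identifies a host whose bonding configuration matches the condition in the advisory and should be prioritised for the kernel upgrade; it does not indicate that the flaw was triggered.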