Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel bonding driver in its handling of network flow dissection. After a change that integrated network namespaces into the flow dissection process, callers such as the bonding driver must provide a network pointer to the __skb_flow_dissect() function. The pointer can come from the socket buffer's device or socket, or from a user-supplied pointer. The bonding driver, however, was sending an empty socket buffer, which triggered a warning and a stack trace.
The vulnerability can lead to improper flow dissection, potentially causing issues in packet processing or network performance.
The vulnerability can be reproduced by using the bonding driver with a configuration that triggers the flow dissection process without providing a valid network pointer. This can be done by setting the bonding driver's transmit policy to layer 3+4 mode, which will invoke the flow dissection function with an empty socket buffer, missing the required network context.
Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.
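To see which bonds on a host use the layer 3+4 transmit policy this entry names, the following added example (not code from this entry or from the kernel project) reads the bonding driver's sysfs files. The function name bonds_with_policy and the overridable sysfs root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list bonding interfaces whose transmit hash policy
# matches a given name, using the bonding driver's sysfs files.
#
# Usage: bonds_with_policy POLICY [SYSFS_ROOT]
#   POLICY      policy name as shown in sysfs, e.g. layer3+4
#   SYSFS_ROOT  defaults to /sys; overridable (an assumption of this
#               example) so the function can run against a test tree
# Prints one bond name per line. Returns 0 if any bond matched, 1 if not.
bonds_with_policy() {
    policy=$1
    root=${2:-/sys}
    masters="$root/class/net/bonding_masters"
    found=1

    # bonding_masters is absent when the bonding module is not loaded,
    # in which case no bond can be using the policy.
    [ -r "$masters" ] || return 1

    for bond in $(cat "$masters"); do
        f="$root/class/net/$bond/bonding/xmit_hash_policy"
        [ -r "$f" ] || continue
        # The file holds "<name> <number>", for example "layer3+4 1".
        name=
        read -r name _ < "$f" || true
        if [ "$name" = "$policy" ]; then
            printf '%s\n' "$bond"
            found=0
        fi
    done
    return "$found"
}
```

Run `bonds_with_policy layer3+4` on the host; any bond it prints is configured with that policy and is a candidate for prioritised kernel updates.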