Linux Kernel virtio_net Misalignment Vulnerability in virtnet_info Structure

A misalignment vulnerability has been identified in the Linux kernel's virtio_net component, specifically within the virtnet_info structure. This issue arises from the improper placement of a flexible array member, which can lead to the incorrect handling of data. The vulnerability affects several versions of the Linux kernel.

Impact

The misalignment causes the RSS key transmitted to the device to be incorrectly formatted, with the last byte being truncated and an uninitialized byte potentially added at the beginning. This could lead to undefined behavior or incorrect processing of the RSS key by the device.

Reproduction

The vulnerability can be reproduced by using a version of the Linux kernel that includes the misalignment issue in the virtio_net component. The problem arises when the RSS configuration is handled, as the flexible array member in the virtnet_info structure is not properly aligned due to padding issues. This misalignment can be observed by examining the offsets of the relevant structure members, which reveal the incorrect alignment by one byte.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. The specific commit fixing the issue is available in the Linux kernel stable tree.