Linux Kernel CPSW Driver Work Queue Vulnerability

Vulnerability

A vulnerability has been identified in the Linux kernel's CPSW (Ethernet) driver, in versions prior to the latest patch. The issue arises from a change in how multicast group membership is managed over IPv6, which inadvertently removed a necessary lock. Without that lock, VLAN processing fails and an assertion error is raised. The problem can be reproduced by reverting to an older version of the CPSW driver on a BeagleBone Black board; the error is triggered when the system attempts to process multicast group additions without the proper lock in place.

Impact

The vulnerability causes a denial-of-service condition by triggering an assertion failure, which can disrupt normal network operations and processing.

Reproduction

To reproduce this issue, manually revert the changes to the 'am335x-bone-common.dtsi' file from a specific commit that introduced a new CPSW switch driver. This will restore the legacy CPSW driver, which is susceptible to the vulnerability. Once the old driver is in place, the issue will manifest as a warning about a missing RTNL lock, indicating that the driver is not handling multicast group memberships correctly, which can lead to network disruptions.
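
The missing-RTNL-lock warning described above can be triaged from kernel logs. The following added example (not part of the original advisory or of the kernel project) scans dmesg-style text for the "RTNL: assertion failed at FILE (LINE)" message printed by the kernel's ASSERT_RTNL() check and flags warnings whose stack frames mention cpsw. The sample log, its paths, line numbers and symbol names are constructed for illustration.

```python
import re

# Message format of the kernel's ASSERT_RTNL() macro (warns when rtnl is not held).
RTNL_RE = re.compile(r"RTNL: assertion failed at (\S+) \((\d+)\)")
STAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")

# Constructed sample log; paths, line numbers and symbols are illustrative only.
SAMPLE_DMESG = """\
[   14.220011] ------------[ cut here ]------------
[   14.220051] RTNL: assertion failed at net/example/vlan_path.c (100)
[   14.220090] Call trace:
[   14.220101]  example_vlan_walk from example_cpsw_set_rx_mode+0x40/0x90
[   14.220115]  example_cpsw_set_rx_mode from example_mc_add+0x1c/0x60
[   14.220140] ---[ end trace 0000000000000000 ]---
[   20.000001] ------------[ cut here ]------------
[   20.000020] RTNL: assertion failed at net/example/other.c (7)
[   20.000031] Call trace:
[   20.000040]  example_other_driver_op from example_ioctl+0x10/0x20
[   20.000055] ---[ end trace 0000000000000000 ]---
"""

def find_rtnl_assertions(text, driver_hint="cpsw"):
    """Return one record per ASSERT_RTNL warning, flagging traces that name the driver."""
    hits, current = [], None
    for raw in text.splitlines():
        line = STAMP_RE.sub("", raw)      # drop the "[  secs.usecs] " prefix
        m = RTNL_RE.search(line)
        if m:
            current = {"file": m.group(1), "line": int(m.group(2)), "frames": []}
            hits.append(current)
        elif current is not None:
            if "end trace" in line or "cut here" in line:
                current = None            # warning block finished
            elif line.startswith(" "):    # stack frames are indented
                current["frames"].append(line.strip())
    for h in hits:
        h["driver_in_trace"] = any(driver_hint in f for f in h["frames"])
    return hits

if __name__ == "__main__":
    for h in find_rtnl_assertions(SAMPLE_DMESG):
        tag = "cpsw path" if h["driver_in_trace"] else "other"
        print(f'{h["file"]}:{h["line"]} [{tag}] frames={len(h["frames"])}')
```

On a live system the same function can be fed the captured output of dmesg or the kernel journal instead of the constructed sample.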

Remediation

Users can apply the latest patch available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel documentation.

Added: Feb 14, 2026, 5:39 PM
Updated: Feb 14, 2026, 5:39 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 2.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.