Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been addressed in the Linux kernel's cls_u32 traffic classifier. The issue arose because the skb_header_pointer() function did not properly validate negative offset values, leading to a 'slab-out-of-bounds' access. This vulnerability could be exploited by manipulating classification functions, potentially causing memory corruption.
Exploitation of this vulnerability could lead to memory corruption, as indicated by the 'slab-out-of-bounds' error reported by KASAN (Kernel Address Sanitizer).
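The negative-offset problem described above, as an added example: this is a simplified userspace model, not kernel source and not the merged fix. The length-only comparison form and the names `hdr_ptr_unchecked`, `hdr_ptr_careful` and `in_packet` are assumptions made for illustration; the sample packet is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: a 16-byte "packet" placed inside a larger arena so that
 * an out-of-range pointer can be computed and inspected without undefined
 * behaviour. Bytes before the packet stand in for a neighbouring object. */
enum { ARENA = 64, PKT_OFF = 24, PKT_LEN = 16 };
static unsigned char arena[ARENA];
static unsigned char *pkt(void) { return arena + PKT_OFF; }

/* Model of a length-only check (assumed form): with offset < 0 the
 * subtraction grows, so the test passes and the pointer precedes the data. */
static const unsigned char *hdr_ptr_unchecked(const unsigned char *data,
                                              int hlen, int offset, int len)
{
    if (hlen - offset >= len)
        return data + offset;
    return NULL;
}

/* Hardened accessor: reject negative values first, then bound the range
 * with a subtraction that cannot go negative or overflow. */
static const unsigned char *hdr_ptr_careful(const unsigned char *data,
                                            int hlen, int offset, int len)
{
    if (offset < 0 || len < 0 || hlen < 0)
        return NULL;
    if (offset > hlen || len > hlen - offset)
        return NULL;
    return data + offset;
}

/* 1 if [p, p+len) lies fully inside the packet, 0 otherwise (NULL gives 0). */
static int in_packet(const unsigned char *p, int len)
{
    return p && p >= pkt() && p + len <= pkt() + PKT_LEN;
}

int main(void)
{
    int offs[] = { 0, 12, 13, -8 };  /* constructed offsets, 4-byte reads */
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++) {
        const unsigned char *u = hdr_ptr_unchecked(pkt(), PKT_LEN, offs[i], 4);
        const unsigned char *c = hdr_ptr_careful(pkt(), PKT_LEN, offs[i], 4);
        printf("off=%3d unchecked=%s careful=%s\n", offs[i],
               !u ? "NULL" : in_packet(u, 4) ? "in" : "OUT", c ? "in" : "NULL");
    }
    return 0;
}
```

Both accessors agree on non-negative offsets; they differ only at offset -8, where the length-only check hands back a pointer that lies before the packet.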
The vulnerability can be reproduced through the u32_classify() function in the cls_u32 classifier. On an affected kernel, this function triggers the 'slab-out-of-bounds' error, indicating that the vulnerability is present.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.