Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's Google GVE driver can lead to memory corruption and incorrect statistics reporting. The issue arises because the driver and the Network Interface Card (NIC) share a memory region for statistics reporting. When the number of queues changes, the driver's statistics region is resized. An increase in queue count can cause the NIC to write beyond the allocated memory, while a decrease creates a gap in statistics reporting. The vulnerability affects the Linux kernel stable tree in versions prior to the commit that addresses this issue.
The vulnerability can cause memory corruption and incorrect statistics reporting between the driver and the NIC.
To reproduce this vulnerability, change the queue count in the GVE driver. Increasing the queue count will allow the NIC to write past the allocated statistics region, causing memory corruption. Decreasing the queue count will create a gap in the statistics reporting, leading to incorrect data being reported.
The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version to apply the fix.