Linux Kernel eBPF Program Pointer Reset Vulnerability in MediaTek Ethernet Driver

A vulnerability exists in the Linux kernel's MediaTek Ethernet driver, specifically within the XDP (eXpress Data Path) setup function. When an error occurs during the initialization of the XDP program, the driver fails to properly manage the reference count of the eBPF program pointer. This oversight can lead to memory management issues, as the pointer is not correctly reverted to its previous state, potentially causing resource leaks or other unintended behaviors.

Impact

This vulnerability can cause improper memory management by failing to correctly handle the reference count of eBPF program pointers, leading to potential resource leaks or other memory-related issues.

Reproduction

To reproduce this vulnerability, load a MediaTek Ethernet device driver that supports XDP. Then, attempt to set up an XDP program using the 'mtk_xdp_setup' function. If the 'mtk_open' routine fails, the eBPF program pointer will not be correctly reset to its previous state, and its reference count will not be properly managed, creating a vulnerability.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.