Linux Kernel Loopback IPv6 Nexthop Misclassification Vulnerability Causes Panic

A vulnerability in the Linux kernel's IPv6 routing handling can lead to a system panic. This issue arises when a standalone IPv6 nexthop object is created using a loopback device. The function responsible for initializing the nexthop misclassifies it as a reject route, due to the absence of a destination prefix. As a result, when an IPv4 route later references this nexthop, the system attempts to dereference a null pointer, causing a panic. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability causes a system panic, disrupting normal operations and potentially leading to a denial of service.

Reproduction

To reproduce this vulnerability, create a standalone IPv6 nexthop object with a loopback device using the appropriate command. This misclassification as a reject route can be verified by later referencing this nexthop in an IPv4 route, which will trigger the system panic by attempting to dereference a null pointer.

Remediation

The vulnerability has been addressed in the official Linux Git repository. Users should upgrade to the latest version.