Linux Kernel UDP Socket 4-Tuple Hash Table Unhash Vulnerability

A vulnerability in the Linux kernel's UDP implementation has been addressed. When a UDP socket is bound to a wildcard address with a non-zero port and then connected and subsequently disconnected from an address, the socket is not properly removed from the 4-tuple hash table. This issue leaves behind a 'garbage' entry that does not receive any packets. The vulnerability arises because the disconnection process does not update the hash table correctly, allowing for potential misrouting or loss of UDP packets.

Impact

The vulnerability could lead to improper handling of UDP packets, causing them to be lost or misrouted, which could disrupt network communications or application functionality that relies on UDP.

Reproduction

To reproduce this vulnerability, bind a UDP socket to the wildcard address with a non-zero port. Then, connect the socket to an address and subsequently disconnect it. The disconnection process will leave the socket in a state where it is still referenced in the 4-tuple hash table, but no packets are actually delivered to it, creating a 'garbage' entry that can disrupt normal UDP operations.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.