Linux Kernel Net Shaper Late Hierarchy Creation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's net shaper implementation can leak a shaper hierarchy that is created too late. During the preparation of Netlink operations, a reference to a network device (netdev) is taken. However, the netdev may be unregistered before it is locked, so a hierarchy allocated after the flush operation has run is leaked. This vulnerability affects the Linux kernel stable tree.

Impact

This vulnerability can cause a memory leak by improperly managing the hierarchy of network shapers, which could lead to increased memory usage and potential performance degradation.

Reproduction

The vulnerability can be reproduced by creating a network shaper operation that involves a netdev which is then unregistered before the operation is completed. This can be done by initiating a Netlink operation that requires locking the netdev, but allowing a flush operation to run in between, causing the hierarchy allocation to leak.
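The ordering described above (reference taken, device unregistered and flushed, hierarchy allocated afterwards) can be modelled in userspace. The following is an added example, not kernel code and not the upstream patch: all names are hypothetical, and the registration check under the lock is an assumed way of closing the window.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model only: every name here is hypothetical, not a kernel symbol. */
struct model_dev {
    int   refcnt;      /* reference taken while preparing the Netlink op */
    bool  registered;  /* cleared when the device is unregistered */
    void *hierarchy;   /* shaper hierarchy, created on first use */
};

/* Preparation: pins the device but does not take its lock. */
static void op_prepare(struct model_dev *d) { d->refcnt++; }

/* Unregister: in the model this runs under the device lock and flushes once. */
static void dev_unregister(struct model_dev *d)
{
    d->registered = false;
    free(d->hierarchy);
    d->hierarchy = NULL;
}

/* Operation body, run once the lock is finally held. Without the check the
 * hierarchy is created after the flush and nothing frees it again. */
static int op_create_hierarchy(struct model_dev *d, bool check_registered)
{
    int err = 0;
    if (check_registered && !d->registered)
        err = -ENODEV;                 /* device went away after prepare */
    else if (!d->hierarchy && !(d->hierarchy = calloc(1, 64)))
        err = -ENOMEM;
    d->refcnt--;                       /* drop the preparation reference */
    return err;
}

/* Order: prepare, unregister (flush), operation. True if memory is orphaned. */
static bool race_leaks(bool check_registered)
{
    struct model_dev d = { .registered = true };
    bool leaked;
    op_prepare(&d);
    dev_unregister(&d);
    op_create_hierarchy(&d, check_registered);
    leaked = d.hierarchy != NULL;
    free(d.hierarchy);                 /* keep the demo itself leak-free */
    return leaked;
}

int main(void) { return race_leaks(false) && !race_leaks(true) ? 0 : 1; }
```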

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for updating the Linux kernel can be found in the official Linux documentation.

Added: Apr 3, 2026, 5:12 PM
Updated: Apr 3, 2026, 5:12 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 5.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.