Linux Kernel XDP TX Timestamp Handling Page Fault Vulnerability

A vulnerability in the Linux kernel's handling of XDP (eXpress Data Path) TX (transmit) timestamps has been addressed. When an XDP application that requested TX timestamping is shutting down while the network interface link is still active, a kernel error occurs, indicating an inability to manage a page fault. This issue arises because, during the shutdown of the TX ring, pointers to XDP metadata are left unresolved, causing the interrupt handler to attempt to access them, leading to a page fault. The vulnerability affects the Intel IGC network driver.

Impact

The vulnerability can cause a kernel panic due to an unhandled page fault, disrupting system operations and potentially leading to a denial of service.

Reproduction

To reproduce this vulnerability, an XDP application must be deployed that requests TX timestamping. While the application is running and the network interface link is active, the XDP application should be shut down. This sequence will trigger a kernel panic by causing an unhandled page fault, as the TX shutdown process leaves behind unresolved pointers that the interrupt handler attempts to access.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.