Linux Kernel PF_KEY Family Validation Vulnerability in Migration Function Causes Denial-of-Service

A denial-of-service vulnerability has been identified in the Linux kernel's PF_KEY implementation. The issue arises in the 'pfkey_send_migrate' function, which fails to properly validate old and new family arguments. This oversight allows the 'set_ipsecrequest' function to truncate the family argument, potentially leading to a buffer overflow in the socket buffer (skb). The vulnerability was triggered by syzbot, causing a kernel crash due to a buffer overrun error. The problem has been addressed by implementing early validation of family arguments before they are processed by 'set_ipsecrequest'.

Impact

Exploitation of this vulnerability leads to a kernel crash, causing a denial-of-service condition on the affected system.

Reproduction

The vulnerability can be reproduced by invoking the 'pfkey_send_migrate' function with invalid family arguments. This can be done by creating a migration request that includes truncated or incorrect family values, which will then be processed by 'set_ipsecrequest'. The resulting buffer overflow in the socket buffer will trigger a kernel panic, causing the system to crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.