Linux Kernel Integer Overflow Vulnerability in RXRPC RXGK Response Verification

A vulnerability in the Linux kernel's RXRPC subsystem has been addressed, specifically in the RXGK response verification function. The issue was an integer overflow risk caused by rounding up the token length before performing a proper length check. This flaw could potentially allow the length validation to be circumvented. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability could lead to an integer overflow, allowing for a bypass of the length check in the RXGK response verification process.

Reproduction

To reproduce this vulnerability, the RXGK response verification function must be invoked with a token length that, when rounded up, exceeds the actual length of the response. This can be achieved by manipulating the token length in a way that exploits the rounding behavior, creating a scenario where the length check is improperly validated.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.