Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's Open vSwitch component stems from improper management of network device references in the tunnel destruction routine. Specifically, the function 'ovs_netdev_tunnel_destroy()' may execute after the network device has already been detached, which is a race condition. As a result, the netdev reference can be dropped prematurely, conflicting with other processes that still reference the virtual port's device. The vulnerability affects the Linux kernel stable tree.
Because this is a race condition, the outcome depends on the timing of events, which can be manipulated, potentially leaving network device management in an inconsistent state. This could disrupt normal operation of the Open vSwitch component, which is critical for network virtualization and management in Linux environments.
The vulnerability can be reproduced by creating a scenario in which an Open vSwitch tunnel is destroyed after the associated network device has been unregistered. This can be done by manually detaching the device and then invoking the 'ovs_netdev_tunnel_destroy()' function, which attempts to access the device reference that has already been removed, triggering the race condition.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is '42f0d3d81209654c08ffdde5a34b9b92d2645896', which is included in the official Linux kernel repositories.