Linux Kernel batman-adv OGM Aggregation Insufficient Tailroom Vulnerability

A vulnerability in the Linux kernel's batman-adv networking component has been addressed. The issue arose during the aggregation of OGM (Originator Message) packets, where the tailroom of a socket buffer (skb) was insufficient to accommodate new data. This could lead to an overflow condition. The vulnerability was introduced when the OGM aggregation state was changed at runtime, allowing packets to be incorrectly aggregated despite inadequate buffer space. The kernel now rejects such aggregation and creates a new forward packet instead, preventing the overflow issue.

Impact

Exploitation of this vulnerability could cause a buffer overflow in the socket buffer, potentially leading to memory corruption or other undefined behavior.

Reproduction

The vulnerability can be reproduced by toggling the OGM aggregation state in the batman-adv protocol while forwarding packets. This will cause some packets to be aggregated without sufficient buffer space, triggering the skb_put overflow condition.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux Kernel Archives.