Linux Kernel Nested VLAN Header Validation Vulnerability in act_csum

A vulnerability in the Linux kernel's handling of nested VLAN headers within the 'act_csum' traffic control action has been addressed. The issue arose because the function 'tcf_csum_act()' processed nested VLAN headers directly from the socket buffer's data, without ensuring that the complete VLAN header was available in the linear area. This oversight could lead to reading past the linear area, potentially violating socket buffer invariants. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability could lead to a violation of socket buffer invariants, which may cause unexpected behavior in network packet processing.

Reproduction

The vulnerability can be reproduced by sending packets with nested VLAN headers that include in-payload VLAN tags. The 'tcf_csum_act()' function will then attempt to process these headers without proper validation, leading to the described issue.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.