Linux Kernel VXLAN ND Option Length Validation Vulnerability

A vulnerability exists in the Linux kernel's handling of Neighbor Discovery (ND) options within the Virtual Extensible LAN (VXLAN) module. The issue arises in the function 'vxlan_na_create()', which processes ND options based on the lengths specified by the options themselves. A malformed option can cause the parser to read beyond the intended length or to misinterpret the source Link-Layer Address (LLADDR) option. This vulnerability can be exploited by sending crafted ND options that bypass the current validation, potentially leading to incorrect behavior in network communication.

Impact

Improper validation of ND option lengths can cause the parser to read beyond the intended boundaries, leading to memory management issues. This could be exploited to manipulate network traffic or cause unexpected behavior in network applications that rely on VXLAN.

Reproduction

The vulnerability can be reproduced by sending Neighbor Solicitation messages with crafted ND options that include malformed lengths. The 'vxlan_na_create()' function will process these options, allowing the parser to advance beyond the intended limits or misinterpret the LLADDR option if it is too short.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The official Linux kernel Git repository includes the patched version.