Linux Kernel TCPv4 GSO Frag Off Uninitialized Value Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of TCPv4 Generic Segmentation Offload (GSO) can lead to the use of uninitialized values, potentially causing data corruption or undefined behavior. The issue arises in the 'gso_features_check()' function, which is called from 'netif_skb_features()'. It was reported by Syzbot, which identified a KMSAN uninitialized-value warning. The vulnerability affects IPv4 header processing, particularly for packets injected through PF_PACKET paths, where the header is not guaranteed to be in the linear part of the socket buffer. The issue has been addressed by changing the frag_off check to read the header through 'skb_header_pointer()', which returns a pointer into the linear data when the whole header is there and otherwise copies it into a caller-supplied buffer, so the read is reliable regardless of whether the header lies in the linear area or must be copied out of fragments.
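The fix described above, reading the IPv4 header through skb_header_pointer() instead of assuming it is linear, modelled as an added example that is not the kernel's code: a toy socket buffer with a linear head area and one fragment, a helper with the same contract as skb_header_pointer(), and the two ways of reading frag_off side by side. Everything in it (toy_skb, toy_header_pointer, the constructed 20-byte sample header and the 0xAA poison standing in for the uninitialized memory KMSAN flagged) is an assumption of this example, not code from the page or the kernel.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a socket buffer (assumption of this example, not the kernel's
 * struct sk_buff): a linear head area plus one paged fragment.
 * headlen = len - data_len, the same relation the kernel uses. */
struct toy_skb {
    unsigned char *data;     /* linear head area; only headlen bytes are valid */
    unsigned int   len;      /* total bytes in the buffer */
    unsigned int   data_len; /* bytes that live in the fragment, not the head */
    unsigned char *frag;     /* the single fragment */
};

static unsigned int toy_headlen(const struct toy_skb *skb)
{
    return skb->len - skb->data_len;
}

/* Copy len bytes from offset, crossing the head/fragment boundary if needed.
 * Returns 0 on success, -1 if the request runs past the end of the buffer. */
static int toy_copy_bits(const struct toy_skb *skb, unsigned int offset,
                         void *to, unsigned int len)
{
    unsigned char *dst = to;
    unsigned int headlen = toy_headlen(skb);
    if (offset + len > skb->len)
        return -1;
    for (unsigned int i = 0; i < len; i++) {
        unsigned int pos = offset + i;
        dst[i] = pos < headlen ? skb->data[pos] : skb->frag[pos - headlen];
    }
    return 0;
}

/* Same contract as the kernel's skb_header_pointer(): a pointer into the head
 * area when the whole header is linear, otherwise a copy in the caller's
 * buffer; NULL when the requested bytes do not exist at all. */
static void *toy_header_pointer(const struct toy_skb *skb, unsigned int offset,
                                unsigned int len, void *buffer)
{
    if (offset + len <= toy_headlen(skb))
        return skb->data + offset;
    if (toy_copy_bits(skb, offset, buffer, len) < 0)
        return NULL;
    return buffer;
}

/* Minimal IPv4 header layout; frag_off is the big-endian field at offset 6. */
struct toy_iphdr {
    uint8_t  version_ihl, tos;
    uint16_t tot_len, id, frag_off;
    uint8_t  ttl, protocol;
    uint16_t check;
    uint32_t saddr, daddr;
};

static int read_be16(const void *field)
{
    const uint8_t *p = field;
    return (p[0] << 8) | p[1];
}

/* Unsafe pattern: assume the header is linear and read it in place. When the
 * head area is shorter than the header, bytes past headlen are whatever the
 * allocator left there (poisoned here so the demo read is well defined). */
static int frag_off_direct(const struct toy_skb *skb)
{
    const struct toy_iphdr *iph = (const struct toy_iphdr *)skb->data;
    return read_be16(&iph->frag_off);
}

/* Hardened pattern: read through the header-pointer helper, which copies the
 * header out of the fragment when it is not linear. -1 means no full header. */
static int frag_off_via_header_pointer(const struct toy_skb *skb)
{
    struct toy_iphdr _iph;
    const struct toy_iphdr *iph = toy_header_pointer(skb, 0, sizeof(_iph), &_iph);
    if (!iph)
        return -1;
    return read_be16(&iph->frag_off);
}

/* Kernel semantics of ip_is_fragment(): MF bit (0x2000) or non-zero offset. */
static int toy_ip_is_fragment(int frag_off)
{
    return (frag_off & 0x3fff) != 0;
}

#define POISON 0xAA
static unsigned char g_head[sizeof(struct toy_iphdr)];
static unsigned char g_frag[sizeof(struct toy_iphdr)];

/* Constructed sample: a 20-byte IPv4 header with frag_off = 0x4000 (DF only),
 * of which only `linear` bytes sit in the head area; the rest is in the
 * fragment. The head is pre-filled with POISON to stand in for uninitialized
 * memory. Addresses and checksum are made-up sample values. */
static struct toy_skb make_split_skb(unsigned int linear)
{
    static const unsigned char hdr[20] = {
        0x45, 0x00, 0x00, 0x3c, 0x1c, 0x46, 0x40, 0x00, 0x40, 0x06,
        0x00, 0x00, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };
    struct toy_skb skb = { g_head, sizeof hdr, sizeof hdr - linear, g_frag };
    memset(g_head, POISON, sizeof g_head);
    memset(g_frag, 0, sizeof g_frag);
    memcpy(g_head, hdr, linear);
    memcpy(g_frag, hdr + linear, sizeof hdr - linear);
    return skb;
}

int main(void)
{
    struct toy_skb split = make_split_skb(4);   /* header straddles the boundary */
    int direct = frag_off_direct(&split);
    int safe = frag_off_via_header_pointer(&split);
    printf("direct read:        frag_off=0x%04x is_fragment=%d\n", direct,
           toy_ip_is_fragment(direct));
    printf("skb_header_pointer: frag_off=0x%04x is_fragment=%d\n", safe,
           toy_ip_is_fragment(safe));
    return 0;
}
```

With only four header bytes linear, the direct read returns the poison (0xAAAA), which ip_is_fragment() would treat as a fragmented packet, while the header-pointer read returns the real 0x4000; when the header is fully linear both paths agree, and when fewer than 20 bytes exist the helper returns NULL so the caller can refuse to segment rather than guess.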

Impact

Exploitation of this vulnerability can lead to the use of uninitialized values in the TCPv4 GSO handling, potentially causing data corruption or undefined behavior in the network stack.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel official website.

Added: May 1, 2026, 3:38 PM
Updated: May 1, 2026, 3:38 PM

Vulnerability Rating

Custom Algorithm
  spread          9.0
  impact          0.6
  exploitability  4.0
  remediation     7.7
  relevance       7.2
  threat          3.2
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.