Linux Kernel Router Advertisement Info-Leak Vulnerability via Uninitialized Padding Fields

A vulnerability in the Linux kernel's handling of Router Advertisements with user options can lead to an information leak. When processing these advertisements, the kernel constructs an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg structure includes three padding fields that are not initialized to zero, potentially allowing kernel data to be exposed. This issue has been addressed by modifying the code to zero out the padding fields before the message is sent.

Impact

The vulnerability could lead to unintended exposure of kernel memory, potentially allowing user-space applications to access sensitive information.

Reproduction

The vulnerability can be reproduced by sending Router Advertisements with user options that trigger the RTM_NEWNDUSEROPT netlink message. The uninitialized padding fields in the nduseroptmsg structure will then leak kernel data.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.