Linux Kernel MPLS Platform Label Handling Vulnerability Leading to Out-of-Bounds Access

Vulnerability

A vulnerability in the Linux kernel's MPLS (Multiprotocol Label Switching) implementation can cause out-of-bounds accesses due to an inconsistent view of platform labels during concurrent operations. This issue arises in RCU-protected code paths, such as 'mpls_forward' and 'mpls_dump_routes', which can misinterpret platform label data if a resize operation is occurring. The vulnerability affects several versions of the Linux kernel.
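The bug class described above, as an added user-space illustration in C that is not kernel code and not the upstream patch: a reader that loads a label count and a label array at different moments can pass a bounds check against a stale count, while a table that carries its own length cannot tear. It assumes the inconsistent view is a count/array pair; all names are hypothetical, and the interleaving is simulated deterministically without performing any out-of-bounds access.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

/* Constructed user-space model; every name is hypothetical, not a kernel symbol. */
enum result { REJECTED, IN_BOUNDS, OUT_OF_BOUNDS };
struct table { size_t len; int slot[]; };   /* len is the true size of slot[] */

static struct table *table_new(size_t len)
{
    struct table *t = calloc(1, sizeof(*t) + len * sizeof(int));
    if (!t) abort();
    t->len = len;
    return t;
}

/* Compare what the reader's bounds check allowed with what its array really holds. */
static enum result classify(size_t index, size_t checked_len, const struct table *t)
{
    if (index >= checked_len) return REJECTED;
    return index < t->len ? IN_BOUNDS : OUT_OF_BOUNDS;
}

/* Racy layout: count and array pointer are separate fields, loaded separately. */
static enum result split_lookup(size_t index, bool shrink_between_loads)
{
    struct table *big = table_new(8), *small = table_new(2);
    struct { size_t count; struct table *arr; } net = { big->len, big };
    size_t count = net.count;                     /* reader: load 1 */
    if (shrink_between_loads) { net.arr = small; net.count = small->len; }
    struct table *arr = net.arr;                  /* reader: load 2 */
    enum result r = classify(index, count, arr);  /* stale count, new array */
    free(big); free(small);
    return r;
}

/* Consistent layout: one acquire load yields a table carrying its own length. */
static enum result bundled_lookup(size_t index, bool shrink_after_load)
{
    struct table *big = table_new(8), *small = table_new(2);
    _Atomic(struct table *) cur = big;
    struct table *t = atomic_load_explicit(&cur, memory_order_acquire);
    if (shrink_after_load) atomic_store_explicit(&cur, small, memory_order_release);
    enum result r = classify(index, t->len, t);   /* old table still allocated here */
    free(big); free(small);
    return r;
}

int main(void) { return split_lookup(5, true) != OUT_OF_BOUNDS; }
```

In the bundled layout the old table must stay allocated until every reader that loaded it has finished, which is the role an RCU grace period plays in the kernel.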

Impact

The vulnerability can be exploited to cause out-of-bounds memory accesses, which may lead to memory corruption or other unintended behavior.

Reproduction

The vulnerability can be reproduced by initiating a concurrent resize of the MPLS platform label table while simultaneously accessing the MPLS routes through the affected RCU-protected code paths. This can create a race condition that exposes the inconsistent state of the platform labels, leading to out-of-bounds accesses.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: May 1, 2026, 3:34 PM
Updated: May 1, 2026, 3:34 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 7.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.