Linux Kernel GSO Frame Transmission Error Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of Generic Segmentation Offload (GSO) frames can lead to a deadlock in TCP connections. This issue arises when a virtual Ethernet device (veth) simulates GSO and drops some segments, causing the sender to believe that data has not been sent, while the receiver acknowledges receipt of the data. The problem is exacerbated in environments without a queuing discipline (Qdisc), where the protocol layer is not informed of device errors. This vulnerability has been addressed in the Linux kernel stable tree.

Impact

The vulnerability can cause TCP connections to stall indefinitely, as the sender and receiver become desynchronized in their acknowledgment of transmitted data.

Reproduction

The vulnerability can be reproduced using the 'udpgro_frglist.sh' and 'udpgro_bench.sh' tests, which are part of the Linux kernel's networking performance assessment suite. These tests use a virtual Ethernet device to simulate UDP Generic Receive Offload (GRO) and can trigger the issue by creating a scenario where GSO frames are transmitted, some segments are dropped, and the resulting acknowledgment mismatch causes the TCP connection to stall.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed.
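To prioritise hosts for the kernel upgrade, the following added example (not part of the original advisory or of the kernel project's code) lists veth interfaces that run without a queuing discipline, the configuration the description above calls out. It parses the output of `ip -o link show type veth`; the sample lines and the function name `veth_without_qdisc` are constructed for illustration.

```shell
#!/bin/sh
# Added example: list veth interfaces that have no queuing discipline (Qdisc).
# iproute2 reports such interfaces as "qdisc noqueue".

# Constructed sample in the one-line-per-interface format of
# `ip -o link show type veth` (not captured from a real host).
SAMPLE_LINKS='5: veth0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0
7: veth1@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:07 brd ff:ff:ff:ff:ff:ff link-netnsid 1
9: veth2@if8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:09 brd ff:ff:ff:ff:ff:ff link-netnsid 2'

# Reads `ip -o link show type veth` output on stdin and prints the name of
# every interface whose qdisc is "noqueue". The function name is hypothetical.
veth_without_qdisc() {
    awk '
    {
        name = $2
        sub(/:$/, "", name)      # drop the trailing colon
        sub(/@.*$/, "", name)    # drop the "@peer" suffix
        qdisc = ""
        # The qdisc name is the token that follows the literal word "qdisc".
        for (i = 3; i < NF; i++)
            if ($i == "qdisc") { qdisc = $(i + 1); break }
        if (qdisc == "noqueue") print name
    }'
}

# On a live host: ip -o link show type veth | veth_without_qdisc
printf '%s\n' "$SAMPLE_LINKS" | veth_without_qdisc
```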

Added: May 6, 2026, 2:55 PM
Updated: May 6, 2026, 2:55 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.