Linux Kernel Team Driver NETDEV_CHANGEMTU Event Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's team device driver has been addressed. The issue arose because the driver did not properly manage the NETDEV_CHANGEMTU event when unregistering slave devices, leading to a resource management problem. This vulnerability was reported by syzbot, which indicated that a net device was not being released as expected, causing a usage count issue. The problem was similar to one previously identified and fixed in the bonding driver.

Impact

The vulnerability could lead to improper handling of network device events, potentially causing resource management issues such as devices not being unregistered correctly, which can disrupt network operations.

Reproduction

The vulnerability can be reproduced by creating a team device and adding a dummy device as a slave. Then, remove the dummy device from its namespace, which triggers the unregistration process. This sequence of actions will expose the issue by causing a delay in freeing the net device, as reported by syzbot.
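A detection-side check for the symptom described above, added here as an example and not taken from the advisory or the kernel tree. It scans kernel log text for the kernel's standard "unregister_netdevice: waiting for ... to become free" warning (the advisory does not quote this text) and reports devices for which it repeats. The function name, threshold, and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Kernel warning printed while device unregistration waits on leftover references.
PATTERN = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+unregister_netdevice: waiting for "
    r"(?P<dev>\S+) to become free\. Usage count = (?P<count>-?\d+)"
)

# Constructed sample log lines (not captured from a real system).
SAMPLE_DMESG = """\
[  120.104512] team0: Port device dummy0 added
[  131.870233] unregister_netdevice: waiting for dummy0 to become free. Usage count = 2
[  141.950871] unregister_netdevice: waiting for dummy0 to become free. Usage count = 2
[  152.030418] unregister_netdevice: waiting for dummy0 to become free. Usage count = 2
[  160.000100] eth0: link up
[  170.221900] unregister_netdevice: waiting for veth1 to become free. Usage count = 1
"""


def find_stuck_netdevs(log_text, min_repeats=2):
    """Return per-device details for warnings repeated at least min_repeats times."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = PATTERN.match(line.strip())
        if m:
            seen[m["dev"]].append((float(m["ts"]), int(m["count"])))
    report = {}
    for dev, hits in seen.items():
        if len(hits) < min_repeats:
            continue  # a single warning can be a short-lived reference
        report[dev] = {
            "repeats": len(hits),
            "stalled_seconds": round(hits[-1][0] - hits[0][0], 3),
            "last_usage_count": hits[-1][1],
        }
    return report


if __name__ == "__main__":
    for dev, info in find_stuck_netdevs(SAMPLE_DMESG).items():
        print(f"{dev}: {info}")
```

On a live host the same function can be fed the output of `dmesg` or the kernel journal instead of the constructed sample.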

Remediation

The vulnerability has been fixed in the Linux kernel stable tree. Users can upgrade to the latest version to address this issue.

Added: May 6, 2026, 1:18 PM
Updated: May 6, 2026, 1:18 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.