Linux Kernel Netfilter ARP Tables IEEE1394 Payload Parsing Vulnerability

Vulnerability

A vulnerability in the Linux kernel's netfilter component affects ARP payload parsing over IEEE1394 (FireWire) interfaces. The issue arises because the ARP format used on IEEE1394 omits the target hardware address field, so a parser that assumes the conventional ARP layout reads the remaining fields from the wrong offsets. As a result, arptables rules match against invalid data, potentially disrupting packet filtering decisions. The vulnerability affects kernels in the Linux stable tree.
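To make the offset problem concrete, the following is an added example written for this page; it is not code from the Linux kernel or from arptables. It assumes the ARP-over-IEEE 1394 layout from RFC 2734 (hardware type 0x0018, a 16-byte sender hardware address, no target hardware address) and builds a constructed 32-byte sample packet using documentation addresses (192.0.2.1 and 192.0.2.2). A filter that selects the layout from the link type and bounds-checks the payload extracts the target IP correctly; the same bytes read with the classic layout would place the target IP at offset 44 of a 32-byte packet, which is exactly the kind of misread the advisory describes, and the bounds check rejects it instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARP_HDR_LEN 8              /* fixed RFC 826 header: hrd, pro, hln, pln, op */
#define IP_ADDR_LEN 4
#define IEEE1394_HW_ADDR_LEN 16    /* ar_hln used by ARP over IEEE 1394 (RFC 2734) */

/* Which variable-length layout follows the fixed header. */
enum arp_layout {
    ARP_LAYOUT_CLASSIC,   /* sender HW, sender IP, target HW, target IP */
    ARP_LAYOUT_IEEE1394   /* sender HW, sender IP, target IP (no target HW) */
};

struct arp_fields {
    const uint8_t *src_devaddr;
    uint8_t src_ip[IP_ADDR_LEN];
    const uint8_t *tgt_devaddr;   /* NULL for the IEEE 1394 layout */
    uint8_t tgt_ip[IP_ADDR_LEN];
};

/* Minimum payload length the given layout requires. */
static size_t arp_payload_min_len(size_t addr_len, enum arp_layout layout)
{
    size_t need = ARP_HDR_LEN + addr_len + IP_ADDR_LEN + IP_ADDR_LEN;
    if (layout == ARP_LAYOUT_CLASSIC)
        need += addr_len;         /* room for the target hardware address */
    return need;
}

/* Walk the payload using the layout selected for the link type.
 * Returns 0 on success, -1 if the payload is too short for that layout. */
int parse_arp_payload(const uint8_t *pkt, size_t len, size_t addr_len,
                      enum arp_layout layout, struct arp_fields *out)
{
    if (len < arp_payload_min_len(addr_len, layout))
        return -1;

    const uint8_t *p = pkt + ARP_HDR_LEN;
    out->src_devaddr = p;
    p += addr_len;
    memcpy(out->src_ip, p, IP_ADDR_LEN);
    p += IP_ADDR_LEN;
    if (layout == ARP_LAYOUT_CLASSIC) {
        out->tgt_devaddr = p;
        p += addr_len;
    } else {
        out->tgt_devaddr = NULL;
    }
    memcpy(out->tgt_ip, p, IP_ADDR_LEN);
    return 0;
}

/* Constructed sample: a 32-byte ARP request as RFC 2734 lays it out.
 * Sender 192.0.2.1, target 192.0.2.2 (documentation addresses). */
size_t build_sample_ieee1394_arp(uint8_t *buf, size_t cap)
{
    static const uint8_t hdr[ARP_HDR_LEN] = {
        0x00, 0x18,  /* ar_hrd: IEEE 1394 */
        0x08, 0x00,  /* ar_pro: IPv4 */
        0x10,        /* ar_hln: 16 */
        0x04,        /* ar_pln: 4 */
        0x00, 0x01   /* ar_op: request */
    };
    static const uint8_t src_ip[IP_ADDR_LEN] = { 192, 0, 2, 1 };
    static const uint8_t tgt_ip[IP_ADDR_LEN] = { 192, 0, 2, 2 };
    size_t len = arp_payload_min_len(IEEE1394_HW_ADDR_LEN, ARP_LAYOUT_IEEE1394);

    if (cap < len)
        return 0;
    memset(buf, 0, len);
    memcpy(buf, hdr, ARP_HDR_LEN);
    memset(buf + ARP_HDR_LEN, 0xAA, IEEE1394_HW_ADDR_LEN);   /* sender HW address */
    memcpy(buf + ARP_HDR_LEN + IEEE1394_HW_ADDR_LEN, src_ip, IP_ADDR_LEN);
    memcpy(buf + ARP_HDR_LEN + IEEE1394_HW_ADDR_LEN + IP_ADDR_LEN, tgt_ip, IP_ADDR_LEN);
    return len;
}

/* Parse the sample with the IEEE 1394 layout; returns the last octet of the
 * target IP (2 for the constructed sample) or -1 on error. */
int sample_target_ip_last_octet(void)
{
    uint8_t buf[64];
    struct arp_fields f;
    size_t n = build_sample_ieee1394_arp(buf, sizeof buf);

    if (parse_arp_payload(buf, n, IEEE1394_HW_ADDR_LEN, ARP_LAYOUT_IEEE1394, &f) != 0)
        return -1;
    return f.tgt_ip[3];
}

/* The same 32 bytes read with the classic layout would put the target IP at
 * offset 44, past the end of the packet; the length check rejects it (returns 1). */
int classic_layout_rejects_sample(void)
{
    uint8_t buf[64];
    struct arp_fields f;
    size_t n = build_sample_ieee1394_arp(buf, sizeof buf);

    return parse_arp_payload(buf, n, IEEE1394_HW_ADDR_LEN, ARP_LAYOUT_CLASSIC, &f) == -1;
}

int main(void)
{
    printf("IEEE 1394 layout: target IP ends in %d\n", sample_target_ip_last_octet());
    printf("classic layout on the same bytes: %s\n",
           classic_layout_rejects_sample() ? "rejected (too short)" : "accepted");
    return 0;
}
```

The design point for a defender is the pairing of two decisions: the field layout must be chosen from the link type, not assumed, and the walk over the variable-length fields must be preceded by a length check derived from that layout, so a short or differently shaped payload is rejected rather than matched against whatever bytes happen to follow.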

Impact

The vulnerability can cause packet filtering rules to misinterpret ARP data, leading to incorrect decisions about which packets to accept or drop. This could disrupt network communication by improperly handling ARP requests or responses over IEEE1394 interfaces.

Reproduction

The vulnerability can be reproduced by applying ARP filtering rules using iptables on a system with an IEEE1394 network interface. The rules will incorrectly match ARP packets, leading to improper filtering based on the misread payload data.

Remediation

Users can update to the latest version of the Linux kernel, in which this vulnerability has been addressed. Instructions for updating the kernel can be found in the official Linux documentation.

Added: May 27, 2026, 11:22 AM
Updated: May 27, 2026, 11:22 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 9.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.