Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
An integer overflow vulnerability has been identified in the Linux kernel's batman-adv networking component, specifically within the OGM (Optimized Link State Routing) packet handling. The issue arises because the size check in the 'batadv_iv_ogm_aggr_packet' function uses the 'int' type, while the 'buff_pos' variable is defined as 's16'. This mismatch can lead to an out-of-bounds read, potentially allowing for memory corruption or unauthorized data access.
Exploitation of this vulnerability could result in an out-of-bounds read, which may lead to memory corruption or unauthorized access to sensitive data.
The vulnerability can be reproduced by sending OGM packets that manipulate the 'buff_pos' variable, causing an integer overflow. This can be done by crafting packets that exceed the expected size, exploiting the type mismatch between 'int' and 's16'.
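The type mismatch described above can be seen in a simplified user-space model. This is an added example, not kernel code or the upstream patch; `record_fits`, `lowest_accepted_offset`, `HDR_LEN` and the sample lengths are hypothetical names and constructed values, and the model assumes the running offset is accumulated in a 16-bit signed variable while the size check is done in `int`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 24 /* constructed fixed header size per aggregated record */

/* Size check done in 'int': does the record at buff_pos fit in the packet? */
static bool record_fits(int buff_pos, int packet_len, uint16_t tvlv_len)
{
    int next = buff_pos + HDR_LEN;

    if (next > packet_len)
        return false;
    return next + tvlv_len <= packet_len; /* a negative buff_pos also passes */
}

/*
 * Walk the aggregated records and return the lowest offset the check accepted.
 * s16_pos=true keeps the running offset in 16 bits (the mismatch);
 * s16_pos=false keeps it in 'int', matching the type the check uses.
 */
static int lowest_accepted_offset(const uint16_t *tvlv, size_t n,
                                  int packet_len, bool s16_pos)
{
    int pos = 0, lowest = 0;

    for (size_t i = 0; i < n && record_fits(pos, packet_len, tvlv[i]); i++) {
        if (pos < lowest)
            lowest = pos; /* this offset would be read from */
        pos += HDR_LEN + tvlv[i];
        if (s16_pos)
            pos = (int16_t)pos; /* wraps past 32767 on gcc/clang */
    }
    return lowest;
}

/* Constructed sample: per-record payload lengths in a 40000-byte buffer. */
static const uint16_t SAMPLE_TVLV[] = { 16000, 16000, 1000, 100 };
#define SAMPLE_LEN 40000

int main(void)
{
    printf("s16 offset: %d\n", lowest_accepted_offset(SAMPLE_TVLV, 4, SAMPLE_LEN, true));
    printf("int offset: %d\n", lowest_accepted_offset(SAMPLE_TVLV, 4, SAMPLE_LEN, false));
    return 0;
}
```

With the 16-bit offset the third record pushes the position past 32767, it wraps negative, and the `int` check still accepts the next record; with an `int` offset every accepted position stays inside the buffer.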
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the official Linux kernel website.