A critical vulnerability (CVE-2021-46954) in the Linux kernel has recently been resolved. The issue was found in the net/sched subsystem, specifically in the sch_frag component, which is responsible for fragmenting IPv4 packets. The vulnerability could allow attackers to trigger a stack out-of-bounds (OOB) read while IPv4 packets are being fragmented, potentially leading to unstable system behavior or crashes.

The issue could be observed when 'act_mirred' attempts to fragment IPv4 packets that had previously been reassembled by 'act_ct'. On kernels built with the Kernel Address Sanitizer (KASAN), a stack trace like the following is logged:

[Insert stack trace here]

To address this vulnerability, the developers changed the temporary variable (a 'struct dst_entry') that sch_fragment() used for IPv4 packets, bringing the IPv4 path in line with what is already done for IPv6. With the temporary object sized as the fragmentation code expects, the out-of-bounds read on the stack no longer occurs, which closes the security issue.
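The bug class behind this fix, as an added illustration that is not taken from the kernel patch: a callee expects a pointer to a struct embedded at the start of a larger route struct, but the caller only placed the smaller embedded struct on its stack, so the callee's read of a field belonging to the larger struct lands past the end of the temporary. The types, names and the exact field read are simplified assumptions, not the kernel's real definitions; the buggy path is not executed, only sized, since the read itself is undefined behaviour.

```c
/* Simplified model of a stack OOB read caused by passing a smaller embedded
 * struct where the callee expects the larger struct that embeds it.
 * All types here are hypothetical stand-ins, not kernel definitions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct model_dst { uint32_t flags; uint32_t hdr_len; };          /* stand-in for the small temporary */
struct model_rt  { struct model_dst dst; uint32_t rt_flags; };   /* stand-in for the route struct embedding it */

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Callee modelled on the IPv4 fragmentation path: it assumes the dst it
 * receives lives inside a model_rt and reads a field beyond model_dst. */
static uint32_t ipv4_fragment_rt_flags(struct model_dst *dst)
{
    struct model_rt *rt = container_of(dst, struct model_rt, dst);
    return rt->rt_flags;
}

/* Would a read of 'field_bytes' at offset 'field_off' stay inside an
 * object of 'alloc_bytes'? Useful when auditing this pattern by hand. */
static int access_in_bounds(size_t alloc_bytes, size_t field_off, size_t field_bytes)
{
    return field_off + field_bytes <= alloc_bytes;
}

/* Before the fix: only a model_dst is on the caller's stack, so the callee's
 * read of rt_flags falls outside it. Returns 1 if that read would be safe. */
static int buggy_path_is_safe(void)
{
    return access_in_bounds(sizeof(struct model_dst),
                            offsetof(struct model_rt, rt_flags),
                            sizeof(((struct model_rt *)0)->rt_flags));
}

/* After the fix: the caller's temporary is the full model_rt, mirroring what
 * the IPv6 path already did, so container_of() resolves to real stack memory. */
static uint32_t fixed_path_rt_flags(uint32_t want)
{
    struct model_rt rt;
    memset(&rt, 0, sizeof(rt));
    rt.rt_flags = want;
    return ipv4_fragment_rt_flags(&rt.dst);   /* returns 'want' */
}
```

The same size check is the quickest way to triage similar reports: compare the allocation size of the temporary against the offset and width of every field the callee reaches through container_of().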

The full patch can be found on the Linux kernel mailing list archive here: [Insert link to original patch or reference]

Users are advised to update their Linux kernel to the latest version to protect against this vulnerability.

[Insert code snippet from patch here]

In conclusion, CVE-2021-46954 is a critical vulnerability in the sch_frag code of the Linux kernel's net/sched subsystem that could cause a stack out-of-bounds read while fragmenting IPv4 packets. The issue has been resolved, and users should update their kernel to the latest version to avoid potential security risks. Keeping systems updated and patched is essential to staying protected against known vulnerabilities.

Timeline

Published on: 02/27/2024 19:04:06 UTC
Last modified on: 04/10/2024 20:15:05 UTC