In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback NETIF_F_IPV6_CSUM only advertises support for checksum offload of packets without IPv6 extension headers. Packets with extension headers must fall back onto software checksumming. Since TSO depends on checksum offload, those must revert to GSO. The below commit introduces that fallback. It always checks network header length. For tunneled packets, the inner header length must be checked instead. Extend the check accordingly. A special case is tunneled packets without inner IP protocol. Such as RFC 6951 SCTP in UDP. Those are not standard IPv6 followed by transport header either, so also must revert to the software GSO path.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Type: Secondary
Exploitability Score: 3.9
Impact Score: 3.6
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
NVD-CWE-noinfo
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b70374080> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b703778c0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bde165ec0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcc9b3980> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b70377e80> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc130480> | Operating System |
| linux | linux_kernel | 6.17 | <built-in method update of dict object at 0x702b70376940> | Operating System |
| linux | linux_kernel | 6.17 | <built-in method update of dict object at 0x702bde166fc0> | Operating System |
| linux | linux_kernel | 6.17 | <built-in method update of dict object at 0x702bde164e40> | Operating System |
| linux | linux_kernel | 6.17 | <built-in method update of dict object at 0x702b70374180> | Operating System |
| linux | linux_kernel | 6.17 | <built-in method update of dict object at 0x702bdc6a7040> | Operating System |
| linux | linux_kernel | 6.17 | <built-in method update of dict object at 0x702bde167c40> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702b703765c0> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bfc130640> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bde1651c0> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bde166000> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bfc2a6280> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.17:rc5:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.17:rc6:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.17:rc7:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* |