Andy Roulin

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: A kernel panic can occur in the br netfilter module when sending untagged traffic via a VxLAN device. This happens during the check for fragmentation in br nf dev queue xmit. The issue is dependent on the br netfilter module being loaded, net.bridge.bridge-nf-call-iptables set to 1, a bridge with a VxLAN netdevice as a bridge port, and untagged frames with size higher than the VxLAN MTU forwarded or flooded. The crash occurs because the ip dst mtu function tries to use the skb dst(skb) as if it was a valid dst with valid dst->dev. Recommendations: Update to Linux kernel version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the br netfilter module or restricting the use of VxLAN devices to minimize the risk of exploitation.