Ian Kumlien

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.8.0-rc4+ **Description** A vulnerability in the Linux kernel has been resolved, related to the handling of pages from page pool in the esp output function. When the skb is reorganized during esp output, the pages coming from the original skb fragments are supposed to be released back to the system through put page. However, if the skb fragment pages are originating from a page pool, calling put page on them will trigger a page pool leak, which can eventually result in a crash. This leak can be easily observed when using CONFIG DEBUG VM and doing ipsec + gre (non offloaded) forwarding. **Recommendations** To resolve this issue, introduce a new wrapper (skb page unref) that covers page refcounting for page pool pages. This fix should be applied to all Linux kernel versions prior to 6.8.0-rc4+. As a temporary workaround, consider disabling the `esp output` function until a patch is available. Restrict access to the vulnerable module `ip gre` to minimize the risk of exploitation. Avoid using the `page pool` parameter in the affected API endpoint until the issue is resolved.