PT-2024-14752 · Linux+7 · Linux Kernel+7
Syzbot · Published 2023-11-10 · Updated 2025-09-29 · CVE-2023-52796
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.1.52-syzkaller
Description
The vulnerability is related to the ipvlan module in the Linux kernel. It was discovered through syzbot reports using a stack of multiple ipvlan devices. The issue arises from the need to reduce the stack size required in ipvlan_process_v6_outbound() by moving the flowi6 struct used for route lookup into a non-inlined helper, ipvlan_route_v6_outbound(). This helper needs 120 bytes on the stack, which is immediately reclaimed. Additionally, ipvlan_process_v4_outbound() should not be inlined. The vulnerability might also necessitate lowering MAX_NEST_DEV because only syzbot uses setups with more than four stacked devices.
Recommendations
To resolve the issue for Linux kernel versions prior to 6.1.52-syzkaller, update to a version that includes the fix for the ipvlan module, specifically the addition of the ipvlan_route_v6_outbound() helper and ensuring ipvlan_process_v4_outbound() is not inlined. If updating is not immediately possible, consider temporarily disabling the use of stacked ipvlan devices to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Stack Overflow
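To act on the recommendation about stacked ipvlan devices, the following added example (not part of the advisory or of the kernel fix) reports ipvlan interfaces whose parent is itself an ipvlan device, using the JSON output of `ip -j -d link show`. The sample data is constructed, and the function names and the `--live` switch are hypothetical; a parent in another network namespace has no `link` name in this output, so the chain stops there.

```python
"""Report ipvlan devices stacked on other ipvlan devices (added example)."""
import json
import subprocess
import sys

# Constructed sample shaped like `ip -j -d link show` output (not from a real host).
SAMPLE = """[
 {"ifname": "eth0"},
 {"ifname": "ipvl0", "link": "eth0", "linkinfo": {"info_kind": "ipvlan"}},
 {"ifname": "ipvl1", "link": "ipvl0", "linkinfo": {"info_kind": "ipvlan"}},
 {"ifname": "ipvl2", "link": "ipvl1", "linkinfo": {"info_kind": "ipvlan"}},
 {"ifname": "vlan10", "link": "eth0", "linkinfo": {"info_kind": "vlan"}}
]"""


def ipvlan_depths(links):
    """Map each ipvlan device to the count of consecutive ipvlan layers ending at it."""
    by_name = {l["ifname"]: l for l in links}

    def is_ipvlan(l):
        return (l.get("linkinfo") or {}).get("info_kind") == "ipvlan"

    depths = {}
    for name, link in by_name.items():
        depth, seen, cur = 0, set(), link
        # Walk parent links while they are ipvlan; `seen` guards against loops.
        while cur is not None and is_ipvlan(cur) and cur["ifname"] not in seen:
            seen.add(cur["ifname"])
            depth += 1
            cur = by_name.get(cur.get("link"))
        if depth:
            depths[name] = depth
    return depths


def stacked(links):
    """Return sorted (name, depth) for ipvlan devices whose parent is also ipvlan."""
    return sorted((n, d) for n, d in ipvlan_depths(links).items() if d > 1)


if __name__ == "__main__":
    if "--live" in sys.argv:  # hypothetical switch: query this host instead of SAMPLE
        raw = subprocess.run(["ip", "-j", "-d", "link", "show"],
                             check=True, capture_output=True, text=True).stdout
    else:
        raw = SAMPLE
    for name, depth in stacked(json.loads(raw)):
        print(f"{name}: {depth} ipvlan layers")
```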
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse