CVE-2024-35973

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.9.0

Description The issue arises from the difference in how ip tunnel helpers and pskb inet may pull() handle the skb->protocol. While most ip tunnel helpers use skb protocol(skb, true), pskb inet may pull() only uses skb->protocol. If anything other than ETH P IPV6 or ETH P IP is found in skb->protocol, pskb inet may pull() does nothing. This can lead to issues when a vlan tag is provided by the caller, as the network header might not point to the correct location, and the skb linear part could be smaller than expected. The addition of skb vlan inet prepare() is intended to perform a complete mac validation to address this problem.

Recommendations To resolve the issue, update the Linux kernel to version 6.9.0 or later. If updating is not feasible, consider applying the patch that adds skb vlan inet prepare() to perform complete mac validation. As a temporary workaround, consider disabling the geneve module until a patch is available.