CVE-2024-46763

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.52

Description A null pointer dereference vulnerability was found in the Linux kernel's GRO (Generic Receive Offload) handler. The issue occurs when the fou gro receive function is called while shutting down a host, and the sk->sk user data pointer is null. This happens because the udp tunnel sock release function sets sk->sk user data to null when the tunnel socket is destroyed after a single RCU (Read-Copy Update) grace period. As a result, the fou gro receive function may attempt to access the null pointer, leading to a kernel crash.

To mitigate this issue, the rcu dereference sk user data function should be used in fou from sock to ensure that the sk->sk user data pointer is properly referenced. Additionally, null checks should be added to the FOU GRO handlers to prevent the null pointer dereference.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.52 or later. If an update is not possible, consider applying the patch that adds the rcu dereference sk user data function and null checks to the FOU GRO handlers. As a temporary workaround, consider disabling the GRO feature until a patch is available.