CVE-2024-35884

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the handling of UDP packets in the Linux kernel when rx-udp-gro-forwarding is enabled. Specifically, it concerns the case where UDP packets might be GROed (Generic Receive Offload) when being forwarded, and these packets might land in a tunnel, causing various issues. The udp gro receive function is designed to prevent this by looking for a matching socket, but this lookup is performed only in the current network namespace (netns). When the endpoint is in another netns, the packets will be GROed at the UDP level, leading to issues such as corrupted packets or kernel crashes. The problem arises because the gso size is set incorrectly after the geneve header is pulled, causing skb segment to misbehave when processing the fragment list. To address this, the checks in udp unexpected gso have been extended to ensure that GSO packets lacking the SKB GSO UDP TUNNEL/ CSUM bits and landing in a tunnel must be segmented.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.