Linux Kernel XDP Vulnerability Fix

UNKNOWN No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The Linux kernel's XDP (eXpress Data Path) feature allows for faster processing of network packets. However, a race condition was discovered in the veth module, which can lead to unexpected behavior and potentially allow an attacker to execute arbitrary code.

Am I affected?

This vulnerability affects the Linux kernel's veth module, specifically versions prior to commit 401cb7dae813 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT."). The exact version range affected is not specified in the advisory. To check if you're affected, consult the git.kernel.org stable commits https://git.kernel.org/stable/c/a14602fcae17a3f1cb8a8521bedf31728f9e7e39 or https://git.kernel.org/stable/c/c1ceabcb347d1b0f7e70a7384ec7eff3847b7628 and look for the commit hash.

Affected Products

Linux Kernel Team / Linux Kernel

How to fix

To fix this vulnerability, you can apply the patch from the commit 401cb7dae813. You can find the patch on the Linux kernel's Git repository: https://git.kernel.org/stable/c/401cb7dae813

Immediate mitigations:

  • Restrict network access to your system to prevent exploitation.
  • Monitor for suspicious activity and audit logs.

Note: Upgrading to a newer version of the Linux kernel is recommended, but it may not be feasible in all cases. In such scenarios, applying the patch from the commit 401cb7dae813 can provide temporary protection.