The vulnerability in question occurs in the `tcf_skbmod_act()` function, which is part of the Linux kernel's traffic control subsystem. This function assumes that packets use Ethernet as their Layer 2 (L2) protocol, but this assumption is not always correct. For example, CAN (Controller Area Network) devices do not use Ethernet as their L2 protocol.
When a packet is processed by `tcf_skbmod_act()`, it may be silently corrupted if the packet does not use Ethernet as its L2 protocol. This can occur when using certain `tc` commands to configure traffic control on a CAN device, such as setting up an `htb` qdisc (queueing discipline) and adding a filter with an `skbmod` action.
To fix this vulnerability, the Linux kernel has been updated to skip performing skbmod actions for non-Ethernet packets. This change was introduced in various kernel versions, including 4.19.199, 5.4.136, 5.10.54, 5.13.6, and 5.14.
The affected file is `net/sched/act_skbmod.c`, and the fix involves checking the packet's protocol type before performing skbmod actions. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested or supported in isolation.
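The corruption and the guard described above can be seen in a user-space model. This is an added example, not the kernel's code: `struct pkt`, the function names and the sample frame are hypothetical, the destination-MAC rewrite stands in for an skbmod header edit, and keying the guard on the device's link-layer type is an assumption about how the protocol check is expressed.

```c
#include <stdint.h>
#include <string.h>

/* Link-layer types; values match ARPHRD_ETHER / ARPHRD_CAN in <linux/if_arp.h>. */
#define L2_ETHER 1
#define L2_CAN   280

/* Hypothetical stand-in for an skb: device link type plus the first L2 bytes. */
struct pkt { unsigned short dev_type; uint8_t data[16]; };

/* Pre-fix model: treats bytes 0..5 as an Ethernet destination MAC, whatever the L2. */
static void set_dmac_unchecked(struct pkt *p, const uint8_t mac[6])
{
    memcpy(p->data, mac, 6);
}

/* Post-fix model (assumed guard): skip non-Ethernet packets. Returns 1 if modified. */
static int set_dmac_checked(struct pkt *p, const uint8_t mac[6])
{
    if (p->dev_type != L2_ETHER)
        return 0;
    memcpy(p->data, mac, 6);
    return 1;
}

/* Constructed CAN frame: can_id 0x123, len 8, three pad/reserved bytes, 8 data bytes. */
static struct pkt sample_can_frame(void)
{
    struct pkt p = { .dev_type = L2_CAN,
        .data = { 0x23, 0x01, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
                  0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04 } };
    return p;
}

/* Returns 1 if the CAN id/len header bytes changed under the chosen variant. */
static int can_header_corrupted(int use_check)
{
    static const uint8_t mac[6] = { 0x02, 0x00, 0x00, 0xaa, 0xbb, 0xcc };
    struct pkt before = sample_can_frame(), after = before;
    if (use_check)
        set_dmac_checked(&after, mac);
    else
        set_dmac_unchecked(&after, mac);
    return memcmp(before.data, after.data, 8) != 0;
}

int main(void)
{   /* Exit status 0 when the unchecked path corrupts and the checked path does not. */
    return !(can_header_corrupted(0) && !can_header_corrupted(1));
}
```

In the unchecked variant the six "MAC" bytes land on the CAN identifier and length field, which is why the damage is silent: the frame is still well-formed, just wrong.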