This is a summary of the AI-generated 10-question deep analysis.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: A critical bug in the Linux kernel's `ti: icssg-prueth` driver. The `emac_dispatch_skb_zc()` function allocates a new socket buffer (`skb`) but **fails to copy** data from the XDP buffer into it.…
**Root Cause**: Two main flaws in the Zero-Copy (ZC) RX path:

1. **Missing Data Copy**: `napi_alloc_skb()` is used, but `skb_copy_to_linear_data()` is missing. Data is never transferred from XDP to `skb`.
2. …

**Exploitation Threshold**: **LOW**.

- **Auth**: None required (PR:N).
- **Config**: Requires the specific TI ICSSG PRUSS driver to be active and processing packets in ZC mode.
- **UI**: None required.…

**Self-Check**:

1. **Kernel Version**: Check if running a Linux kernel version containing the vulnerable `ti: icssg-prueth` driver before the fix commit.
2. …

**No Patch Workaround**:

1. **Disable ZC Mode**: If possible, configure the driver to use the non-ZC path (`emac_rx_packet`), which is not vulnerable.
2. …

**Urgency**: **CRITICAL**.

- **CVSS**: 9.8 (High/High/High).
- **Impact**: Memory leak + System corruption.
- **Recommendation**: **Patch Immediately**. This is a severe memory safety issue in a network driver.…