IPv6-Glass Linux Vulnerable to 0-Day Attack

A new vulnerability in the Linux kernel has been discovered. Interruptlabs.co.uk has disclosed a 0-day issue in the Linux kernel that lets attackers halt a system by sending specially crafted IPv6 packets. The faulty kernel code lets an attacker send a packet of death by exploiting the RPL protocol (Routing Protocol for Low-Power and Lossy Networks), if it is enabled. RPL is mainly used in embedded wireless devices that operate in networks with high packet loss.

The vulnerability is caused by incorrect parsing code for the RPL protocol. The kernel panics when an attacker sends IPv6 RPL packets that have the CMPRI field set to 15 and the Segleft field set to 1. This results in a memory buffer overflow, which triggers the panic and leads to a system shutdown.

An example exploit using Scapy is also provided. The kernel developers were made aware of the vulnerability in January 2022 and released patches in September 2022, October 2022, and April 2023. None of them was effective, and the vulnerability persisted. The Zero Day Initiative (ZDI) has made the details of the vulnerability public without waiting for a working fix to be developed and released. The patch added in kernel version 6.4-rc2 was also found to be ineffective.

Users are advised to check if the RPL protocol is used on their systems using the command and ensure that they are not using an affected version of the Linux kernel.
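
One way to perform the RPL check, as an added example rather than the command from the original report: it reads the kernel's per-interface `net.ipv6.conf.<iface>.rpl_seg_enabled` sysctl and lists every entry where RPL source routing header processing is switched on. The function names and the optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original report): find interfaces on which the
# kernel accepts RPL source routing headers, i.e. where the sysctl
# net.ipv6.conf.<iface>.rpl_seg_enabled is non-zero.

# Print one interface name per line for every conf entry with RPL enabled.
# $1 (optional, hypothetical parameter): sysctl directory to scan; it exists
# only so the function can be pointed at a constructed tree instead of /proc.
rpl_enabled_ifaces() {
    conf_root="${1:-/proc/sys/net/ipv6/conf}"
    # No IPv6 sysctl tree at all: nothing can be enabled.
    [ -d "$conf_root" ] || return 0
    # The directory also holds the special "all" and "default" entries.
    for f in "$conf_root"/*/rpl_seg_enabled; do
        # Entry missing or unreadable: this kernel does not expose the
        # sysctl for that interface, so skip it.
        [ -r "$f" ] || continue
        val=$(cat "$f" 2>/dev/null) || continue
        case "$val" in
            ''|0) ;;                               # disabled
            *) basename "$(dirname "$f")" ;;       # enabled: report iface
        esac
    done
}

# Human-readable summary; returns 1 when RPL is enabled anywhere, else 0.
rpl_report() {
    ifaces=$(rpl_enabled_ifaces "$@")
    if [ -n "$ifaces" ]; then
        echo "RPL source routing enabled on: $(echo "$ifaces" | tr '\n' ' ')"
        return 1
    fi
    echo "RPL source routing is not enabled on any interface"
    return 0
}
```

Source the file and call `rpl_report` with no arguments to check the running system; a non-zero return means at least one entry has RPL processing enabled.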
