CVE-2024-35884: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-35884 is a vulnerability in the Linux kernel's UDP packet handling mechanism discovered in May 2024. The issue occurs when rx-udp-gro-forwarding is enabled and UDP packets might be GROed (Generic Receive Offload) when being forwarded. This vulnerability specifically affects tunneled packets when the endpoint is in another network namespace (Kernel Git).

The vulnerability stems from the UDP GRO (Generic Receive Offload) mechanism's handling of tunneled packets. The issue arises because the socket lookup is performed only in the current network namespace through udp4/6grolookupskb. When packets are destined for a tunnel endpoint in another namespace, they can be incorrectly GROed at the UDP level. This occurs particularly with geneve packets, where after the geneve header is pulled and offsets are adjusted, the fraglist skbs are not properly adjusted, leading to potential misbehavior in skb_fragment (Kernel Git).

The vulnerability can result in various adverse effects, including corrupted packets and kernel crashes. One specific manifestation is a BUGON trigger in skbsegment while processing the fraglist, caused by incorrect gsosize calculations after the geneve header is pulled (Kernel Git).

The issue has been fixed by extending the checks in udpunexpectedgso to ensure that GSO packets lacking the SKBGSOUDPTUNNEL/CSUM bits and landing in a tunnel must be segmented. The fix has been implemented in various Linux kernel versions and is available through distribution-specific updates (Red Hat, Debian).