CVE-2022-50764

In the Linux kernel, the SIT (Simple Internet Transition) tunnel driver has a data race vulnerability. Because SIT tunnels are marked NETIF_F_LLTX, their ndo_start_xmit() function is not protected by a spinlock. This allows multiple CPUs to concurrently update dev->stats.tx_error and other device statistics, leading to incorrect error counts.

The vulnerability can be triggered by transmitting packets through an SIT tunnel from multiple CPU cores simultaneously. No special privileges are required beyond the ability to send packets over an SIT interface. The same issue exists on the receive path, where dev->stats.rx_errors can also be corrupted.

An attacker exploiting this data race could cause the kernel to report inaccurate network statistics. While this does not directly lead to code execution or privilege escalation, it can degrade monitoring and accounting, potentially masking other issues. The fix uses DEV_STATS_INC() which provides atomic increments to avoid the race.

The patches addressing this vulnerability have been applied to the stable kernel branches. Users are advised to update to the latest kernel version to mitigate the issue.