5.5

CVE-2026-31420

bridge: mrp: reject zero test interval to avoid OOM panic

In the Linux kernel, the following vulnerability has been resolved:

bridge: mrp: reject zero test interval to avoid OOM panic

br_mrp_start_test() and br_mrp_start_in_test() accept the user-supplied
interval value from netlink without validation. When interval is 0,
usecs_to_jiffies(0) yields 0, causing the delayed work
(br_mrp_test_work_expired / br_mrp_in_test_work_expired) to reschedule
itself with zero delay. This creates a tight loop on system_percpu_wq
that allocates and transmits MRP test frames at maximum rate, exhausting
all system memory and causing a kernel panic via OOM deadlock.

The same zero-interval issue applies to br_mrp_start_in_test_parse()
for interconnect test frames.

Use NLA_POLICY_MIN(NLA_U32, 1) in the nla_policy tables for both
IFLA_BRIDGE_MRP_START_TEST_INTERVAL and
IFLA_BRIDGE_MRP_START_IN_TEST_INTERVAL, so zero is rejected at the
netlink attribute parsing layer before the value ever reaches the
workqueue scheduling code. This is consistent with how other bridge
subsystems (br_fdb, br_mst) enforce range constraints on netlink
attributes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.8 < 6.19.12
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.006
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/c9bc352f716d1bebfe43354bce539ec2d0223b30
Patch
https://git.kernel.org/stable/c/fa6e24963342de4370e3a3c9af41e38277b74cf3
Patch
https://git.kernel.org/stable/c/630a15a31c2034b5b697f4aabc769b9d80d82446
https://git.kernel.org/stable/c/e8ec80430bfa520e7352155d6ac632e527cba7aa