A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if ‘MAX_SKB_FRAGS + 1’ parameter and ‘NETIF_F_FRAGLIST’ feature are both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system.

Mitigation

Red Hat recommends blacklisting the kernel module to prevent its use. This will prevent accidental version loading by administration and also mitigate the flaw if a kernel with the affected module is booted.

As the macsec module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:
Raw

echo "install macsec /bin/true" >> /etc/modprobe.d/disable-macsec.conf

If macsec functionality is in use as a functional part of the system a kernel upgrade is required.