CVE-2026-46273

IBM · Linux kernel ibmveth driver

A denial-of-service vulnerability in the Linux kernel ibmveth driver on IBM Power systems can cause network traffic to halt due to improper GSO handling.

Executive summary

The Linux kernel ibmveth driver is susceptible to a denial-of-service condition on IBM Power systems when processing specific packet types, leading to network outages.

Vulnerability

This is a denial-of-service vulnerability in which the driver fails to properly handle generic segmentation offload (GSO) for packets with a Maximum Segment Size (MSS) less than 224 bytes. As a result, the physical adapter freezes and drops all network traffic.

Business impact

With a CVSS score of 8.6, this vulnerability poses a high risk to business continuity for organizations running IBM Power systems. A successful exploit or accidental trigger leads to a complete loss of network connectivity for affected systems, resulting in significant downtime for services relying on those network paths.

Remediation

Immediate Action: Apply the vendor-provided kernel patch that implements ndo_features_check to correctly disable GSO for packets with an MSS less than 224 bytes.

Proactive Monitoring: Monitor system performance logs and network interfaces for signs of interface resets or unexpected drops in throughput.

Compensating Controls: If patching is delayed, evaluate network traffic patterns to determine if traffic with small MSS values can be rerouted or filtered to avoid triggering the defect.
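One way to begin the traffic evaluation described under Compensating Controls, shown as an added example that is not part of the original advisory or the vendor patch: parse the TCP options of SYN segments and flag peers that advertise an MSS below 224 bytes. It assumes the SYN-advertised MSS is a usable proxy for flows that can produce small GSO segments; the function names and the sample segments are constructed for illustration.

```python
import struct

MSS_FLOOR = 224   # threshold stated in the advisory
TCP_SYN = 0x02

def syn_mss(tcp: bytes):
    """Return the MSS option of a TCP SYN segment, or None (not a SYN, absent, malformed)."""
    if len(tcp) < 20:
        return None
    hdr_len = (tcp[12] >> 4) * 4
    if not tcp[13] & TCP_SYN or hdr_len < 20 or hdr_len > len(tcp):
        return None
    opts, i = tcp[20:hdr_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                 # end of option list
            break
        if kind == 1:                 # NOP is a single byte with no length field
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            return None               # truncated or bad length: stop instead of overrunning
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def flag_small_mss(segments):
    """Return [(label, mss)] for SYNs advertising an MSS below MSS_FLOOR."""
    found = ((label, syn_mss(tcp)) for label, tcp in segments)
    return [(label, mss) for label, mss in found if mss is not None and mss < MSS_FLOOR]

def build_tcp(options: bytes, flags: int = TCP_SYN) -> bytes:
    """Constructed sample input: a bare TCP header carrying the given options."""
    options += b"\x01" * (-len(options) % 4)          # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, offset << 4, flags, 65535, 0, 0) + options

SAMPLES = [  # constructed segments, not captured traffic
    ("flow-a", build_tcp(b"\x02\x04\x05\xb4\x04\x02")),      # MSS 1460 + SACK-permitted
    ("flow-b", build_tcp(b"\x01\x01\x02\x04\x00\xc8")),      # MSS 200, below the floor
    ("flow-c", build_tcp(b"\x02\x04\x00\xe0")),              # MSS 224, not "less than" 224
    ("flow-d", build_tcp(b"\x02\x04\x00\x64", flags=0x10)),  # ACK only, ignored
    ("flow-e", build_tcp(b"\x03\x09\x07")),                  # malformed option length
]

for label, mss in flag_small_mss(SAMPLES):
    print(f"{label}: SYN advertises MSS {mss} (< {MSS_FLOOR})")
```

In practice the TCP header bytes would come from a capture of the affected interface; the effective segment size on a flow can still differ from the advertised value.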

Exploitation status

Public Exploit Available: False

Analyst recommendation

System administrators managing IBM Power infrastructure should prioritize testing and deploying the kernel update to ensure network stability. Addressing this flaw is essential to preventing unplanned outages caused by the driver's inability to process specific packet sizes.