Date: Thu, 2 May 2019 19:14:30 +0200 From: Andrey Konovalov <andreyknvl@...il.com> To: oss-security@...ts.openwall.com Subject: CVE-2019-11683: "GRO packet of death" issue in the Linux kernel Hi, syzbot has reported a remotely triggerable memory corruption in the Linux kernel. It's been introduced quite recently in e20cf8d3f1f7 ("udp: implement GRO for plain UDP sockets.") and only affects the 5.0 (stable) release (so the name is a bit overhyped :). CVE-2019-11683 description: udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x through 5.0.11 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue. Fix (not yet upstream): https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37 Thanks!
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.