[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE-2019-11683: "GRO packet of death" issue in the Linux kernel
From:       Greg KH <greg () kroah ! com>
Date:       2019-05-05 13:18:23
Message-ID: 20190505131823.GE25640 () kroah ! com
[Download RAW message or body]

On Thu, May 02, 2019 at 07:14:30PM +0200, Andrey Konovalov wrote:
> Hi,
> 
> syzbot has reported a remotely triggerable memory corruption in the
> Linux kernel. It's been introduced quite recently in e20cf8d3f1f7
> ("udp: implement GRO for plain UDP sockets.") and only affects the 5.0
> (stable) release (so the name is a bit overhyped :).
> 
> CVE-2019-11683 description:
> 
> udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel
> 5.x through 5.0.11 allows remote attackers to cause a denial of
> service (slab-out-of-bounds memory corruption) or possibly have
> unspecified other impact via UDP packets with a 0 payload, because of
> mishandling of padded packets, aka the "GRO packet of death" issue.
> 
> Fix (not yet upstream):
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37

Now fixed in the 5.0.13 kernel release.

thanks,

greg k-h
[prev in list] [next in list] [prev in thread] [next in thread]