Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+fCnZeEm1PAjBzVbMuKzoZuE5rKffqdRPBvNO7C5yNO+JnbXQ@mail.gmail.com>
Date: Thu, 2 May 2019 19:14:30 +0200
From: Andrey Konovalov <andreyknvl@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2019-11683: "GRO packet of death" issue in the Linux kernel

Hi,

syzbot has reported a remotely triggerable memory corruption in the
Linux kernel. It's been introduced quite recently in e20cf8d3f1f7
("udp: implement GRO for plain UDP sockets.") and only affects the 5.0
(stable) release (so the name is a bit overhyped :).

CVE-2019-11683 description:

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel
5.x through 5.0.11 allows remote attackers to cause a denial of
service (slab-out-of-bounds memory corruption) or possibly have
unspecified other impact via UDP packets with a 0 payload, because of
mishandling of padded packets, aka the "GRO packet of death" issue.

Fix (not yet upstream):

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37

Thanks!

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.