[PATCH 0/2][SRU][D/E] CVE-2019-11683: UDP GRO Denial-of-Service

Tyler Hicks tyhicks at canonical.com
Fri May 3 17:22:51 UTC 2019


 udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x
 through 5.0.11 allows remote attackers to cause a denial of service
 (slab-out-of-bounds memory corruption) or possibly have unspecified other
 impact via UDP packets with a 0 payload, because of mishandling of padded
 packets, aka the "GRO packet of death" issue.

Clean cherry picks and build log. I've verified that the syzbot reproducer
crashes the 5.0.0-13.14 Disco kernel but not once these fixes are applied. I've
also regression tested with the udpgso.sh, udpgso_bench.sh, udpgro_bench.sh,
and udpgro.sh net selftests.


Eric Dumazet (1):
  udp: fix GRO packet of death

Paolo Abeni (1):
  udp: fix GRO reception in case of length mismatch

 net/ipv4/udp_offload.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)


More information about the kernel-team mailing list