ACK / APPLIED[Unstable]: [PATCH 0/2][SRU][D/E] CVE-2019-11683: UDP GRO Denial-of-Service

Seth Forshee seth.forshee at
Fri May 3 18:56:57 UTC 2019

On Fri, May 03, 2019 at 05:22:51PM +0000, Tyler Hicks wrote:
>  udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x
>  through 5.0.11 allows remote attackers to cause a denial of service
>  (slab-out-of-bounds memory corruption) or possibly have unspecified other
>  impact via UDP packets with a 0 payload, because of mishandling of padded
>  packets, aka the "GRO packet of death" issue.
> Clean cherry picks and build log. I've verified that the syzbot reproducer
> crashes the 5.0.0-13.14 Disco kernel but not once these fixes are applied. I've
> also regression tested with the,,,
> and net selftests.

Clean cherry picks, positive testing.

Acked-by: Seth Forshee <seth.forshee at>

Applied to unstable/master, thanks!

More information about the kernel-team mailing list