FS#62533 - linux >=5.0.11 CVE-2019-11683 "GRO packet of death"
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Friday, 03 May 2019, 07:07 GMT
Last edited by Jan Alexander Steffens (heftig) - Thursday, 11 July 2019, 20:09 GMT
Details
The issue is described here:
https://seclists.org/oss-sec/2019/q2/86

The fix (supposedly) consists of applying these two patches, which have not been merged by upstream yet:
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/patch/net/ipv4/udp_offload.c?id=21f1b8a6636c4dbde4aa1ec0343f42eaf653ffcc
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/patch/net/ipv4/udp_offload.c?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37

This probably also affects other flavors of the 5.0 kernel, like linux-hardened and linux-zen. linux-lts should not be affected, since the vulnerable code was only introduced in Linux 5.0.
Closed by Jan Alexander Steffens (heftig)
Thursday, 11 July 2019, 20:09 GMT
Reason for closing: Fixed
missed 5.0.12-rc1
Edit:
queued for 5.0.13
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/queue-5.0/udp-fix-gro-packet-of-death.patch?id=62d56e2fb7e541a08781488bfc39e5f4cb0261ab
Does it close the case?