News

“GRO packet of death” vulnerability is found in Linux kernel

In Linux kernel discovered vulnerability CVE-2019-11683.

It enables remotely cause denial in service through sending specially designed UDP-packets (packet-of-death).

Problem hides in the error of handler udp_gro_receive_segment (net/ipv4/udp_offload.c) with realization of GRO (Generic Receive Offload) technology and can lead to damage of core memory regions while processing UDP-packets with zero filling (empty payload).

“Mishandling of padded packets, aka the “GRO packet of death” issue found in Linux kernel”, — reported researchers on seclists.org forum.

Problem involves 5.0 kernel only as GRO support for UDP-sockets was realized in Novemebr 2018 and got in the last stable core release only. GRO technology allows speeding up processing of large quantities of incoming packets due aggregation of packets in larger blocks that does not demand processing of every packet solely.

For TCP problem does not arise, as for this protocol aggregation of packets without payload is not supported.

Vulnerability is fixed in the form of the patch; correcting update is not published yet. Among distributives core 5.0 managed to get in parts of Fedora 30, Ubuntu 19.04, Arch Linux, Gentoo and other permanently updated distributives.

Problem does not affect Debian, Ubuntu 18.10 and younger, RHEL/CentOS and SUSE/openSUSE.

Problem was discovered as a result of syzbot usage that is Google-created automatized fuzzing-testing system, and KASAN(KernelAddressSanitizer) analyzer that aims detection of errors while working with the memory and facts of incorrect turns to memory, as, for example, calls to freed memory areas and code placement in memory areas that are not designed for such manipulations.

Source: https://seclists.org

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove News-bpudepi.today Pop-up Ads

About News-bpudepi.today News-bpudepi.today pop-ups can not launch out of the blue. If you have actually…

1 day ago

Remove Doguhtam.xyz Pop-up Ads

About Doguhtam.xyz Doguhtam.xyz pop-ups can not expose out of nowhere. If you have clicked some…

1 day ago

Remove News-xlixoti.com Pop-up Ads

About News-xlixoti.com News-xlixoti.com pop-ups can not introduce out of nowhere. If you have actually clicked…

1 day ago

Remove Ducesousightion.com Pop-up Ads

About Ducesousightion.com Ducesousightion.com pop-ups can not introduce out of the blue. If you have actually…

1 day ago

Remove News-xlabica.live Pop-up Ads

About News-xlabica.live News-xlabica.live pop-ups can not launch out of the blue. If you have actually…

1 day ago

Remove Mergechain.co.in Pop-up Ads

About Mergechain.co.in Mergechain.co.in pop-ups can not expose out of the blue. If you have clicked…

1 day ago