Bugzilla – Bug 1134021
VUL-0: CVE-2019-11683: kernel-source: "GRO packet of death" issue in the Linux kernel
Last modified: 2019-05-06 11:45:47 UTC
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x
through 5.0.11 allows remote attackers to cause a denial of service
(slab-out-of-bounds memory corruption) or possibly have unspecified other impact
via UDP packets with a 0 payload, because of mishandling of padded packets, aka
the "GRO packet of death" issue.
Fixes: e20cf8d3f1f7 is only in 5.0 and 5.1dev
-> No SLE or openSUSE is affected.
(In reply to Marcus Meissner from comment #1)
> Fixes: e20cf8d3f1f7 is only in 5.0 and 5.1dev
> -> No SLE or openSUSE is affected.
Tumbleweed has 5.0 kernel and the fix is not in stable-5.0 yet, AFAICS.
The fix is now in 5.0.13 stable update which is already in stable branch.
Reassigning to security team.