Bug 1134021 - (CVE-2019-11683) VUL-0: CVE-2019-11683: kernel-source: "GRO packet of death" issue in the Linux kernel
(CVE-2019-11683)
VUL-0: CVE-2019-11683: kernel-source: "GRO packet of death" issue in the Linu...
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/231973/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-05-03 07:23 UTC by Marcus Meissner
Modified: 2019-05-06 11:45 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2019-05-03 07:23:46 UTC
CVE-2019-11683

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x
through 5.0.11 allows remote attackers to cause a denial of service
(slab-out-of-bounds memory corruption) or possibly have unspecified other impact
via UDP packets with a 0 payload, because of mishandling of padded packets, aka
the "GRO packet of death" issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11683
http://www.openwall.com/lists/oss-security/2019/05/02/1
http://seclists.org/oss-sec/2019/q2/86
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11683.html
http://www.cvedetails.com/cve/CVE-2019-11683/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11683
https://www.spinics.net/lists/netdev/msg568315.html
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37
Comment 1 Marcus Meissner 2019-05-03 07:28:13 UTC
Fixes: e20cf8d3f1f7 is only in 5.0 and 5.1dev

-> No SLE or openSUSE is affected.
Comment 2 Michal Kubeček 2019-05-03 23:10:53 UTC
(In reply to Marcus Meissner from comment #1)
> Fixes: e20cf8d3f1f7 is only in 5.0 and 5.1dev
> 
> -> No SLE or openSUSE is affected.

Tumbleweed has 5.0 kernel and the fix is not in stable-5.0 yet, AFAICS.
Comment 3 Michal Kubeček 2019-05-06 11:25:58 UTC
The fix is now in 5.0.13 stable update which is already in stable branch.

Reassigning to security team.
Comment 4 Marcus Meissner 2019-05-06 11:45:47 UTC
done