CVE-2019-11683 – A vulnerability in the udp_gro_receive_segment function of the Linux Kernel could cause denial of service (May 2019)

Preface: 78% of vulnerabilities are found in indirect dependencies, making remediation complex – said snyk.io.

Description: GSO for UDP: Segmentation offload reduces cycles/byte for large packets by amortizing the cost of protocol stack traversal.

Vulnerability details: udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x through 5.0.11 allows remote attackers to cause a denial of service. The vulnerability exists because the udp_gro_receive_segment function, as defined in the net/ipv4/udp_offload.c source code file of the affected software, mishandles padded packets. A successful exploit could cause the system to crash, resulting in a DoS condition.

Remedy: Kernel.org has confirmed the vulnerability and released software updates – https://lwn.net/Articles/787532/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.