CVE-2019-11683 – A vulnerability in the udp_gro_receive_segment function of the Linux Kernel could cause denial of service (May 2019)

Preface: 78% of vulnerabilities are found in indirect dependencies, making remediation complex – said snyk.io.

Description: GSO for UDP. Segmentation offload reduces the cycles per byte spent on large packets by amortizing the cost of traversing the protocol stack over many segments.

Vulnerability details: udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x through 5.0.11 allows remote attackers to cause a denial of service. The function mishandles padded packets, that is, frames whose UDP length field does not match the number of bytes actually present. A successful exploit could crash the system, resulting in a DoS condition.
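The padded-packet case comes down to a length check at the UDP layer before segments are coalesced. The C below is an added example written for this page, not kernel code: `udp_gro_check_len`, `build_udp_frame` and the `verdict_*` helpers are hypothetical names, the frames are constructed, and the code only shows the defensive rule that a packet whose UDP length field disagrees with the bytes actually present (padded, truncated or empty) must be flushed rather than merged with other segments.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* UDP header (RFC 768); all fields are big-endian on the wire. */
struct udp_hdr {
    uint16_t source;
    uint16_t dest;
    uint16_t len;    /* header + payload length as claimed by the sender */
    uint16_t check;
};

/* Verdict for one incoming packet: coalesce it into a GRO batch or flush. */
enum gro_verdict {
    GRO_VERDICT_AGGREGATE = 0,
    GRO_VERDICT_FLUSH     = 1
};

static uint16_t rd16be(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

static void wr16be(uint8_t *p, uint16_t v)
{
    p[0] = (uint8_t)(v >> 8);
    p[1] = (uint8_t)(v & 0xff);
}

/*
 * Hypothetical length check (not kernel code). `udp` points at the UDP header
 * and `avail` is the number of bytes actually present from that header to the
 * end of the frame. A packet whose UDP length field disagrees with `avail` is
 * padded (ulen < avail) or truncated (ulen > avail); neither may be merged
 * with other segments, so it is flushed instead of aggregated.
 */
enum gro_verdict udp_gro_check_len(const uint8_t *udp, size_t avail)
{
    if (avail < sizeof(struct udp_hdr))
        return GRO_VERDICT_FLUSH;                 /* not even a full header */

    uint16_t ulen = rd16be(udp + offsetof(struct udp_hdr, len));

    if (ulen <= sizeof(struct udp_hdr))
        return GRO_VERDICT_FLUSH;                 /* empty or bogus length */
    if ((size_t)ulen != avail)
        return GRO_VERDICT_FLUSH;                 /* padded or truncated */
    return GRO_VERDICT_AGGREGATE;
}

/*
 * Constructed test frames. Builds a UDP header claiming `payload_len` bytes of
 * payload, writes that many payload bytes, then appends `trailing_pad` zero
 * bytes (as an Ethernet minimum-frame pad would). Returns bytes written.
 */
size_t build_udp_frame(uint8_t *buf, size_t cap, uint16_t payload_len, size_t trailing_pad)
{
    size_t total = sizeof(struct udp_hdr) + payload_len + trailing_pad;
    if (total > cap)
        return 0;
    memset(buf, 0, total);
    wr16be(buf + offsetof(struct udp_hdr, source), 40000);
    wr16be(buf + offsetof(struct udp_hdr, dest), 53);
    wr16be(buf + offsetof(struct udp_hdr, len), (uint16_t)(sizeof(struct udp_hdr) + payload_len));
    memset(buf + sizeof(struct udp_hdr), 0xab, payload_len);   /* constructed payload */
    return total;
}

/* Four constructed cases: exact length, padded, truncated, empty payload. */
enum gro_verdict verdict_exact(void)
{
    uint8_t f[64];
    size_t n = build_udp_frame(f, sizeof f, 10, 0);
    return udp_gro_check_len(f, n);
}

enum gro_verdict verdict_padded(void)
{
    uint8_t f[64];
    size_t n = build_udp_frame(f, sizeof f, 10, 8);   /* 8 pad bytes after payload */
    return udp_gro_check_len(f, n);
}

enum gro_verdict verdict_truncated(void)
{
    uint8_t f[64];
    size_t n = build_udp_frame(f, sizeof f, 10, 0);
    return udp_gro_check_len(f, n - 4);               /* frame cut short by 4 bytes */
}

enum gro_verdict verdict_empty(void)
{
    uint8_t f[64];
    size_t n = build_udp_frame(f, sizeof f, 0, 0);    /* ulen == header size */
    return udp_gro_check_len(f, n);
}

int main(void)
{
    const char *name[] = { "aggregate", "flush" };
    printf("exact:     %s\n", name[verdict_exact()]);
    printf("padded:    %s\n", name[verdict_padded()]);
    printf("truncated: %s\n", name[verdict_truncated()]);
    printf("empty:     %s\n", name[verdict_empty()]);
    return 0;
}
```

The check is deliberately strict: any mismatch between the advertised and actual length stops aggregation for that packet, which is the cheap, safe choice for a fast path that would otherwise build merged segments from inconsistent lengths.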

Remedy: Kernel.org has confirmed the vulnerability and released software updates – https://lwn.net/Articles/787532/