Linux kernel vulnerability that allows a crash to be triggered by sending a UDP packet

A vulnerability (CVE-2019-11683) has been identified in the Linux kernel that allows a remote denial of service to be triggered by sending specially crafted UDP packets (packet-of-death). The problem is caused by a bug in the udp_gro_receive_segment handler (net/ipv4/udp_offload.c), part of the implementation of GRO (Generic Receive Offload), and can lead to corruption of kernel memory areas when processing UDP packets with zero padding (empty payload).

The problem affects only the 5.0 kernel, since GRO support for UDP sockets was implemented in November of last year and has made it only into the latest stable kernel release. GRO speeds up the processing of a large number of incoming packets by aggregating multiple packets into larger blocks, so that each packet does not have to be processed separately.
The problem does not appear for TCP, since aggregation of packets without payload is not supported for this protocol.
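
A defender-side check for the packet shape described above, added here as an example that is not from the original article or the kernel source: it classifies raw IPv4 packets and counts, per source address, the UDP datagrams whose length field indicates an empty payload. The function names and the sample packets (constructed bytes using documentation addresses) are assumptions made for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

IPPROTO_UDP = 17
UDP_HEADER_LEN = 8

def classify_ipv4_packet(pkt: bytes) -> str:
    """Classify one raw IPv4 packet (no link-layer header)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "malformed"
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len, = struct.unpack_from("!H", pkt, 2)
    frag, = struct.unpack_from("!H", pkt, 6)
    if ihl < 20 or total_len < ihl or total_len > len(pkt):
        return "malformed"
    if pkt[9] != IPPROTO_UDP:
        return "not-udp"
    if frag & 0x1FFF:                              # later fragment: no UDP header here
        return "fragment"
    if total_len < ihl + UDP_HEADER_LEN:
        return "malformed"
    udp_len, = struct.unpack_from("!H", pkt, ihl + 4)
    if udp_len < UDP_HEADER_LEN or ihl + udp_len > total_len:
        return "malformed"
    # Judge by the UDP length field: link-layer padding may follow an empty datagram.
    return "udp-empty-payload" if udp_len == UDP_HEADER_LEN else "udp-with-payload"

def count_empty_by_source(packets) -> dict:
    """Map source address -> number of empty-payload UDP datagrams seen."""
    hits = Counter()
    for pkt in packets:
        if classify_ipv4_packet(pkt) == "udp-empty-payload":
            hits[str(IPv4Address(pkt[12:16]))] += 1
    return dict(hits)

# Constructed sample packets (documentation addresses, checksums left at zero).
IP_UDP = "4500001c 00000000 40110000 c0000201 c0000202"
SAMPLES = [
    bytes.fromhex(IP_UDP + "3039270f 00080000"),                 # UDP, no payload
    bytes.fromhex(IP_UDP + "3039270f 00080000") + bytes(18),     # same, plus padding
    bytes.fromhex("4500001e 00000000 40110000 c0000201 c0000202"
                  "3039270f 000a0000 6869"),                     # UDP, 2-byte payload
    bytes.fromhex("45000014 00000000 40060000 c0000201 c0000202"),  # TCP
]

if __name__ == "__main__":
    print([classify_ipv4_packet(p) for p in SAMPLES])
    print(count_empty_by_source(SAMPLES))
```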

The vulnerability has so far been fixed only in the form of a patch; a corrective update has not yet been published (the fix was not included in yesterday's update 5.0.11). Among distributions, the 5.0 kernel has made it into Fedora 30, Ubuntu 19.04, Arch Linux, Gentoo and other continuously updated distributions. Debian, Ubuntu 18.10 and earlier, RHEL/CentOS and SUSE/openSUSE are not affected by the problem.

The problem was found using syzbot, an automated fuzz testing system created by Google, and the KASAN (KernelAddressSanitizer) analyzer, which is aimed at identifying memory-handling errors and incorrect memory accesses, such as accessing freed memory areas and placing code in memory areas not intended for such manipulations.

Source: opennet.ru
