← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1783110] Re: >= linux-4.4.0-130: 14 bytes memory leaked when sending AF_PACKET / SOCK_RAW frames

 

** Changed in: linux (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** Changed in: linux (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1783110

Title:
  >= linux-4.4.0-130: 14 bytes memory leaked when sending AF_PACKET /
  SOCK_RAW frames

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Released

Bug description:
  Vulnerable: linux-image-4.4.0-130-generic, linux-image-4.4.0-131-generic
  Not vulnerable: linux-image-4.4.0-128-generic

  Bug (likely) introduced by commit:
  https://github.com/torvalds/linux/commit/b84bbaf7a6c8cca24f8acf25a2c8e46913a947ba

  Likely fixed upstream with (NOT VERIFIED):
  https://github.com/torvalds/linux/commit/9aad13b087ab0a588cd68259de618f100053360e

  Discussion about these commits on maillist, including someone referring to this bug:
  https://www.mail-archive.com/search?l=netdev@xxxxxxxxxxxxxxx&q=subject:%22Re%5C%3A+%5C%5BPATCH+net%5C%5D+packet%5C%3A+in+packet_snd+start+writing+at+link+layer+allocation%22&o=newest&f=1

  When sending packets with AF_PACKET / SOCK_RAW, the actual transmitted
  packet contains 14 additional bytes at the end of the payload.
  Observations do show non-zero bytes getting leaked.

  See attached source for a simple proof of concept that sends a raw
  packet on the loopback interface. The payload should be 40 bytes of
  0xAA, but tcpdump clearly shows 14 additional bytes are added.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1783110/+subscriptions