** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1783110
Title: >= linux-4.4.0-130: 14 bytes memory leaked when sending AF_PACKET / SOCK_RAW frames Status in linux package in Ubuntu: Fix Committed Status in linux source package in Xenial: Fix Committed Status in linux source package in Bionic: Fix Committed Bug description: Vulnerable: linux-image-4.4.0-130-generic, linux-image-4.4.0-131-generic Not vulnerable: linux-image-4.4.0-128-generic Bug (likely) introduced by commit: https://github.com/torvalds/linux/commit/b84bbaf7a6c8cca24f8acf25a2c8e46913a947ba Likely fixed upstream with (NOT VERIFIED): https://github.com/torvalds/linux/commit/9aad13b087ab0a588cd68259de618f100053360e Discussion about these commits on maillist, including someone referring to this bug: https://www.mail-archive.com/search?l=net...@vger.kernel.org&q=subject:%22Re%5C%3A+%5C%5BPATCH+net%5C%5D+packet%5C%3A+in+packet_snd+start+writing+at+link+layer+allocation%22&o=newest&f=1 When sending packets with AF_PACKET / SOCK_RAW, the actual transmitted packet contains 14 additional bytes at the end of the payload. Observations do show non-zero bytes getting leaked. See attached source for a simple proof of concept that sends a raw packet on the loopback interface. The payload should be 40 bytes of 0xAA, but tcpdump clearly shows 14 additional bytes are added. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1783110/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
