Fixed in 4.15.0-38.
http://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/commit/?id=de8aa589c0b015380e782fbbdc7f435cdf5eb334
** Changed in: linux (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1791893
Title:
Trailing garbage data when sending on an AF_PACKET socket
Status in linux package in Ubuntu:
Fix Released
Bug description:
When sending an Ethernet frame on an packet socket (AF_PACKET,
SOCK_RAW), an additional 14 bytes of trailing data is sent on the
interface. The extra 14 bytes are present regardless of the packet
size. The extra data could be garbage/uninitialised kernel memory.
Expected result:
The raw Ethernet frame is sent on the interface.
Actual result:
The raw Ethernet frame plus an additional 14 bytes of unknown data is sent on
the interface.
Steps to reproduce:
The attached test program inject.c can be used to reproduce the issue.
# In window 1. Send an EAP packet without any payload.
gcc inject.c -o inject
sudo ./inject lo
# Simultaneously in window 2. Tcpdump shows a payload of 14 bytes.
sudo tcpdump -i lo -enlx
07:45:45.005652 02:00:00:00:00:01 > 02:00:00:00:00:00, ethertype EAPOL
(0x888e), length 28: EAP packet (0) v64, len 0
0x0000: 4000 0000 0000 0000 4000 0000 0000
Running strace on the "inject" program shows that send(2) is indeed
called with the correct buffer size. The extra 14 bytes appear to be
added by the kernel, and this might leak kernel memory.
Ubuntu release:
Ubuntu 18.04.1 LTS
Package version:
4.15.0-33.36
The issue could not be reproduced on linux-image-4.15.0-22-generic or
linux-image-4.15.0-23-generic.
uname -a:
Linux ubuntu 4.15.0-33-generic #36-Ubuntu SMP Wed Aug 15 16:00:05 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.3
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: johan 1763 F.... pulseaudio
CurrentDesktop: GNOME-Flashback:GNOME
DistroRelease: Ubuntu 18.04
HibernationDevice: RESUME=UUID=7d5f82e0-635f-4c53-a80d-11b0f47d27fd
InstallationDate: Installed on 2018-01-08 (245 days ago)
InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64
(20170801)
IwConfig:
lxcbr0 no wireless extensions.
enp0s3 no wireless extensions.
lo no wireless extensions.
Lsusb:
Bus 001 Device 002: ID 80ee:0021 VirtualBox USB Tablet
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: innotek GmbH VirtualBox
Package: linux (not installed)
ProcFB: 0 vboxdrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-33-generic
root=UUID=54834e7a-dbec-4d9f-b662-6107cecc8a86 ro quiet splash
ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
RelatedPackageVersions:
linux-restricted-modules-4.15.0-33-generic N/A
linux-backports-modules-4.15.0-33-generic N/A
linux-firmware 1.173.1
RfKill:
StagingDrivers: vboxvideo
Tags: bionic staging
Uname: Linux 4.15.0-33-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-06-27 (76 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo wireshark
_MarkForUpload: True
dmi.bios.date: 12/01/2006
dmi.bios.vendor: innotek GmbH
dmi.bios.version: VirtualBox
dmi.board.name: VirtualBox
dmi.board.vendor: Oracle Corporation
dmi.board.version: 1.2
dmi.chassis.type: 1
dmi.chassis.vendor: Oracle Corporation
dmi.modalias:
dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:rvnOracleCorporation:rnVirtualBox:rvr1.2:cvnOracleCorporation:ct1:cvr:
dmi.product.family: Virtual Machine
dmi.product.name: VirtualBox
dmi.product.version: 1.2
dmi.sys.vendor: innotek GmbH
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1791893/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
