A security has been in found in udp.c in the Linux kernel before 4.5, which allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during the execution of a recv() system call with the MSG_PEEK flag set.
A security has been in found in udp.c in the Linux kernel before 4.5, which allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during the execution of a recv() system call with the MSG_PEEK flag set.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191
Looks like the issue was introduced by 89c22d8, but was prevented in mainline because since 3.19 skb_copy_and_csum_datagram_iovec() is not used in this path anymore, and skb_copy_and_csum_datagram_msg() prevents the problem. However it looks like 89c22d8 was backported to older "stable" kernels without the move to skb_copy_and_csum_datagram_msg() , making them vulnerables.
Vulmon