** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1980590

Title:
  SECURITY leak in dpkg "nftables" kernel code family netdev hook ingress

Status in linux package in Ubuntu:
  New

Bug description:
  An Android app is sending big UDP datagrams; this generates IPv4
  fragments. These IPv4 fragments cannot be controlled in the firewall
  nftables family netdev hook ingress.

  Platform: Ubuntu 22.04 LTS, latest patches installed.

  I documented 2 screenshots:

  fragment1.png
  wireshark: ethernet header type=0x800, ipv4 header ID=0x2466, more frags, frag-offset=0, total=1500

  fragment2.png
  wireshark: ethernet header type=0x800, ipv4 header ID=0x2466, frag-offset=1480, total=413

  At the bottom of the screenshots is "/usr/sbin/nft monitor trace"
  family "netdev" hook "ingress".
  @nh,0,160 is the raw ipv4 data: total=0x765=1893, ID=0x2466

  Glueing the two ipv4 fragments together = 1500 + 413 - 20 = 1893

  Oops, the nftables TRACE shows an already processed bigger ipv4 packet.
  There is a race condition!
  The ipv4 processing has to WAIT for all the rules in family "netdev" hook "ingress".

  I cannot control ether type 0x800 completely in family "netdev" hook "ingress".
  This is a security vulnerability!
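
The fragment arithmetic in the report (1500 + 413 - 20 = 1893), as an added example that is not part of the original bug report: it decodes the 20 header bytes that `@nh,0,160` exposes and tells whether a traced header is a single fragment or an already reassembled datagram. The header bytes are constructed from the values quoted in the report; TTL, checksum and addresses are placeholders, and the traced header having offset 0 and no more-fragments flag is an assumption.

```python
import struct

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed 20 bytes (160 bits) that @nh,0,160 exposes."""
    if len(raw) < 20:
        raise ValueError("need 20 header bytes")
    ver_ihl, _tos, total, ident, flags_off = struct.unpack("!BBHHH", raw[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return {"ihl": (ver_ihl & 0x0F) * 4, "total": total, "id": ident,
            "mf": bool(flags_off & 0x2000),          # more-fragments flag
            "offset": (flags_off & 0x1FFF) * 8}      # field counts 8-byte units

def reassembled_total(frags: list) -> int:
    """Total length after reassembly: one header plus every payload."""
    frags = sorted(frags, key=lambda f: f["offset"])
    if len({f["id"] for f in frags}) != 1:
        raise ValueError("fragments carry different IDs")
    payload = 0
    for f in frags:
        if f["offset"] != payload:
            raise ValueError("gap or overlap in fragment chain")
        payload += f["total"] - f["ihl"]
    if frags[-1]["mf"]:
        raise ValueError("last fragment missing")
    return frags[0]["ihl"] + payload

def classify(traced: dict, frags: list) -> str:
    """Say what a traced header is relative to the fragments seen on the wire."""
    if traced["mf"] or traced["offset"]:
        return "fragment"
    if traced["id"] == frags[0]["id"] and traced["total"] == reassembled_total(frags):
        return "reassembled"
    return "unrelated"

def build_header(total, ident, mf, offset):
    """Constructed sample header: UDP, TTL 64, zero checksum and addresses."""
    flags_off = (0x2000 if mf else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, ident, flags_off,
                       64, 17, 0, bytes(4), bytes(4))

# Values quoted in the report; everything else is a placeholder.
FRAG1 = parse_ipv4_header(build_header(1500, 0x2466, True, 0))
FRAG2 = parse_ipv4_header(build_header(413, 0x2466, False, 1480))
TRACED = parse_ipv4_header(build_header(0x765, 0x2466, False, 0))  # assumed flags

if __name__ == "__main__":
    print(reassembled_total([FRAG1, FRAG2]), classify(TRACED, [FRAG1, FRAG2]))
```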