The Wire ยท Showcase
NETWORKING FIXES LAND AHEAD OF 7.2-RC3 AS MEMORY LEAKS AND BUFFER OVERREADS GET PLUGGED
By RepoJournal ยท Filed ยท About Linux
The kernel is shipping critical fixes for in-flight packet handling, MAC address spoofing vectors, and heap overreads that could crash your network stack.
Paolo Abeni merged the net-7.2-rc3 pull with fixes spanning Bluetooth, netfilter, and batman-adv, addressing both current-release regressions and older bugs that have shipped for years [1]. The MACB ethernet driver carried a memory leak from its inception that never freed in-flight transmit SKBs on interface close, a issue finally caught and patched [2]. Security-critical: macsec's encryption path reads uninitialized MAC headers on AF_PACKET raw transmit paths, triggering a 12-byte heap over-read that can crash the system [3]. The loopback DIB transport layer had no bounds checking on memory moves, allowing peer-supplied offsets to write past allocated kernel buffers [4]. SMB3 server fixes landed alongside these network patches, hardening multichannel session binding and SID-to-id mapping across authentication rounds [5].
Action items
- โ Pull net-7.2-rc3 fixes into your tree before the final release - heap overread in macsec requires immediate patching torvalds/linux [immediate]
- โ If you run MACB-based ethernet hardware, apply the SKB leak fix to prevent memory exhaustion on repeated ifdown/ifup cycles torvalds/linux [plan]
- โ Monitor loopback DIB bounds checking if you use software ISM transport in containerized environments torvalds/linux [monitor]
References
- [1] Merge tag 'net-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net torvalds/linux
- [2] net: macb: drop in-flight Tx SKBs on close torvalds/linux
- [3] macsec: don't read an unset MAC header in macsec_encrypt() torvalds/linux
- [4] dibs: loopback: validate offset and size in move_data() torvalds/linux
- [5] Merge tag 'v7.2-rc2-smb3-server-fixes' of git://git.samba.org/ksmbd torvalds/linux