CVE-2022-50706

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/ieee802154: don&amp;#39;t warn zero-sized raw_sendmsg()<br /> <br /> syzbot is hitting skb_assert_len() warning at __dev_queue_xmit() [1],<br /> for PF_IEEE802154 socket&amp;#39;s zero-sized raw_sendmsg() request is hitting<br /> __dev_queue_xmit() with skb-&gt;len == 0.<br /> <br /> Since PF_IEEE802154 socket&amp;#39;s zero-sized raw_sendmsg() request was<br /> able to return 0, don&amp;#39;t call __dev_queue_xmit() if packet length is 0.<br /> <br /> ----------<br /> #include <br /> #include <br /> <br /> int main(int argc, char *argv[])<br /> {<br /> struct sockaddr_in addr = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };<br /> struct iovec iov = { };<br /> struct msghdr hdr = { .msg_name = &amp;addr, .msg_namelen = sizeof(addr), .msg_iov = &amp;iov, .msg_iovlen = 1 };<br /> sendmsg(socket(PF_IEEE802154, SOCK_RAW, 0), &amp;hdr, 0);<br /> return 0;<br /> }<br /> ----------<br /> <br /> Note that this might be a sign that commit fd1894224407c484 ("bpf: Don&amp;#39;t<br /> redirect packets with invalid pkt_len") should be reverted, for<br /> skb-&gt;len == 0 was acceptable for at least PF_IEEE802154 socket.