Instituto Nacional de Ciberseguridad (INCIBE). INCIBE-CERT section

CVE-2023-53825

Severity: Pending analysis
Type: Not available / Other type
Publication date: 09/12/2025
Last modified: 09/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().

syzkaller found a memory leak in kcm_sendmsg(), and commit c821a88bd720 ("kcm: Fix memory leak in error path of kcm_sendmsg()") suppressed it by updating kcm_tx_msg(head)->last_skb if partial data is copied so that the following sendmsg() will resume from the skb.

However, we cannot know how many bytes were copied when we get the error. Thus, we could mess up the MSG_MORE queue.

When kcm_sendmsg() fails for SOCK_DGRAM, we should purge the queue as we do so for UDP by udp_flush_pending_frames().

Even without this change, when the error occurred, the following sendmsg() resumed from a wrong skb and the queue was messed up. However, we have yet to get such a report, and only syzkaller stumbled on it. So, this can be changed safely.

Note this does not change SOCK_SEQPACKET behaviour.

Impact