This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed- bionic'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1889735 Title: tap: use after free Status in linux package in Ubuntu: Invalid Status in linux source package in Bionic: Fix Committed Bug description: [Impact] If the socket buffer array of a tap queue is full, a received package needs to be dropped. Currently, the check for the array being full is performed lockless, which might lead to use-after-free errors if the socket buffer array has been resized. [Test Case] TBD. [Regression Potential] The check for the array being full is simply dropped. In case the array is full, subsequent frame handling will fail and the frame is eventually dropped. A regression would manifest itself if the frame is not dropped for whatever reason and inserted into the full (ring) buffer, overwriting the oldest frame in the buffer. So we'd end up with frame/packet loss. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1889735/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
