Linux Kernel net/ieee802154 Socket Zero-Sized Message Length Validation Vulnerability

A vulnerability in the Linux kernel's ieee802154 socket handling has been addressed. The issue arose because the raw_sendmsg function did not properly validate message lengths, allowing zero-sized messages to pass through. This oversight triggered a warning in the skb_assert_len function, indicating a potential problem with packet handling. The vulnerability was introduced in a previous commit and has been fixed by adding a length check to the raw_sendmsg function, ensuring that only valid message sizes are processed.

Impact

The vulnerability could lead to improper packet handling, potentially causing issues in network communication or application behavior.

Reproduction

The vulnerability can be reproduced by sending a zero-sized message through an ieee802154 socket using the raw_sendmsg function. This will trigger the skb_assert_len warning, indicating that the socket is not properly handling the zero-length message.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel official website.