Fixed
Created: Dec 10, 2025
Updated: Dec 11, 2025
Resolved Date: Dec 10, 2025
Found In Version: 10.22.33.1
Fix Version: 10.22.33.13
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().[EOL][EOL]syzkaller found a memory leak in kcm_sendmsg(), and commit c821a88bd720[EOL]("kcm: Fix memory leak in error path of kcm_sendmsg()") suppressed it by[EOL]updating kcm_tx_msg(head)->last_skb if partial data is copied so that the[EOL]following sendmsg() will resume from the skb.[EOL][EOL]However, we cannot know how many bytes were copied when we get the error.[EOL]Thus, we could mess up the MSG_MORE queue.[EOL][EOL]When kcm_sendmsg() fails for SOCK_DGRAM, we should purge the queue as we[EOL]do so for UDP by udp_flush_pending_frames().[EOL][EOL]Even without this change, when the error occurred, the following sendmsg()[EOL]resumed from a wrong skb and the queue was messed up. However, we have[EOL]yet to get such a report, and only syzkaller stumbled on it. So, this[EOL]can be changed safely.[EOL][EOL]Note this does not change SOCK_SEQPACKET behaviour.
