DPDK announcements
 help / color / mirror / Atom feed
From: Thomas Monjalon <thomas@monjalon.net>
To: announce@dpdk.org
Cc: security@dpdk.org, oss-security@lists.openwall.com
Subject: CVE-2022-2132 disclosure
Date: Mon, 29 Aug 2022 20:12:18 +0200	[thread overview]
Message-ID: <1705193.jNaZZp9DzI@thomas> (raw)

A vulnerability was fixed in DPDK.
Some downstream stakeholders were warned in advance
in order to coordinate the release of fixes
and reduce the vulnerability window.

In copy_desc_to_mbuf() function,
the Vhost header was assumed not across more than two descriptors.

If a malicious guest send a packet
with the Vhost header crossing more than two descriptors,
the buf_avail will be a very large number near 4G.

All the mbufs will be allocated,
therefore other guests traffic will be blocked.
A malicious guest can cause denial of service
for the other guest running on the hypervisor.

CVE: CVE-2022-2132
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=1031
Severity: 8.6 (High)
CVSS scores: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Commits per branch:
	main
	        https://git.dpdk.org/dpdk/commit/?id=71bd0cc536
	        https://git.dpdk.org/dpdk/commit/?id=dc1516e260
	21.11
	        https://git.dpdk.org/dpdk-stable/commit/?id=f167022606
	        https://git.dpdk.org/dpdk-stable/commit/?id=e12d415556
	20.11
	        https://git.dpdk.org/dpdk-stable/commit/?id=8fff8520f3
	        https://git.dpdk.org/dpdk-stable/commit/?id=089e01b375
	19.11
	        https://git.dpdk.org/dpdk-stable/commit/?id=5b3c25e6ee
	        https://git.dpdk.org/dpdk-stable/commit/?id=e73049ea26

LTS Releases:
	21.11 - http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
	20.11 - http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz
	19.11 - http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz

CVE: CVE-2022-2132
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=1031
Severity: 8.6 (High)
CVSS scores: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H



                 reply	other threads:[~2022-08-29 18:12 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1705193.jNaZZp9DzI@thomas \
    --to=thomas@monjalon.net \
    --cc=announce@dpdk.org \
    --cc=oss-security@lists.openwall.com \
    --cc=security@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).