From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <announce-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 6C099A034C
	for <public@inbox.dpdk.org>; Mon,  9 May 2022 19:51:09 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id E84E3410EE;
	Mon,  9 May 2022 19:51:08 +0200 (CEST)
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by mails.dpdk.org (Postfix) with ESMTP id D863240689
 for <announce@dpdk.org>; Thu,  5 May 2022 03:42:09 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1651714930; x=1683250930;
 h=from:to:subject:date:message-id:mime-version;
 bh=82LWrpLh5AmzHE3KMEHabRBPTEiOtTEbYnUTah/Axhs=;
 b=Q2vMQrFkqMgW0peltRhf2bJmVAwMCNdIpffOaN0l2cTXPVSVt6epOso/
 taB6jNLP61yqKo8/KAW0iUpgXJp6hVOaiDm0l9iSKbNupOumzunjKa91p
 May0KFO3FSxipkV1vu/T65oEsJ6iS/gNkV8hEvsNj81MRM1jq7UrA0dSu
 4NK2PaoAXVvSZVWhkadUgp7kmLgWi5BXVSg/SLPZ7TNECCIkPHh5++IeY
 BM3l2xJw7SPjIfs65nd4pE0OdgWjilZgKy2rBj1rrl95wAqAB4XH+sZNw
 0NGBCOXrDqNhFNzvTFpNd9mNvI+qcGeTv53r43i8CV5Vxt0KJSewAnStu w==;
X-IronPort-AV: E=McAfee;i="6400,9594,10337"; a="247863899"
X-IronPort-AV: E=Sophos;i="5.91,199,1647327600"; 
 d="scan'208,217";a="247863899"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
 by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 04 May 2022 18:42:08 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.91,199,1647327600"; 
 d="scan'208,217";a="585055931"
Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15])
 by orsmga008.jf.intel.com with ESMTP; 04 May 2022 18:42:08 -0700
Received: from orsmsx609.amr.corp.intel.com (10.22.229.22) by
 ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.27; Wed, 4 May 2022 18:42:08 -0700
Received: from orsmsx608.amr.corp.intel.com (10.22.229.21) by
 ORSMSX609.amr.corp.intel.com (10.22.229.22) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.27; Wed, 4 May 2022 18:42:07 -0700
Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by
 orsmsx608.amr.corp.intel.com (10.22.229.21) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.27 via Frontend Transport; Wed, 4 May 2022 18:42:07 -0700
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.170)
 by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2308.27; Wed, 4 May 2022 18:42:07 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=hLQ/OcFgBIJlG3nt5Ij2rZOSolSaZfthXDl0kqm1t49w625nEAGGwcBtM2MmlWUh+aPkp4yztany8FGDgujcYqZlszpmrxnod1tc2nhJmnbFp/8VkvsOoaHSaEPn1CKYS3CSgqB4Qtv7ePMGJ1mColSCjBGe674EyBXjH1k8U+FEqfg281RT4Rhn9H/V76JzhA6bW1nofsHk9FFawBqaNmrUi9Cxjq4zBNbQm5Eo3EqQw6xH1SVv0RD5CZT37Z5eeJVhkue6XZus3h/FHlESS3+CFiJQPJoWEpA34LUOgtswhpTstB2xiB4nGaqD8rLuct0sATNIKQqUhF1AsRc64A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=GR7X9S+TeC91P5YWRXRxDoI5nNXfAh4MLAdT8651TIc=;
 b=oT1+h45EqgETLSQRBy2hvV6kaPBvdjJFRm8Lku3B4snK4lELdyMdVqyBhSVYGqo3VIcjrJkZKHJJNLb6K7sWk5SzbUaBwoNLeRLv731MPoRTsFzLCiQluEegoT6R3CuZGEi7RXyXpMQhzhRoKOBFdXwBIc1M+BQ3LYjLDEvDP6hkXRvHCIhiAm+ULeR3JkQCKEHZaKRSkyWH0ACa9qCDs+yTF/liZzY+vf+QkpPfhY/AfYf9rMy4ryAY5EUb1aiDtjNWSpHmnPUp7Ukqn3PVS5QC2MEljXd3XhsMziUywsKpTN5XtphWTjsk2rz4g3wa9Zt7oDv3PczzAdZ33sMzrg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
Received: from SJ0PR11MB5006.namprd11.prod.outlook.com (2603:10b6:a03:2db::22)
 by SJ1PR11MB6226.namprd11.prod.outlook.com (2603:10b6:a03:45b::11)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5206.13; Thu, 5 May
 2022 01:42:06 +0000
Received: from SJ0PR11MB5006.namprd11.prod.outlook.com
 ([fe80::e04b:d4a5:66f:12ee]) by SJ0PR11MB5006.namprd11.prod.outlook.com
 ([fe80::e04b:d4a5:66f:12ee%9]) with mapi id 15.20.5206.025; Thu, 5 May 2022
 01:42:06 +0000
From: "Jiang, Cheng1" <cheng1.jiang@intel.com>
To: "announce@dpdk.org" <announce@dpdk.org>
Subject: CVE-2021-3839 Release Notice
Thread-Topic: CVE-2021-3839 Release Notice
Thread-Index: AdhgH77OXuE70bJ9R7SnlJZ0IarOYQ==
Date: Thu, 5 May 2022 01:42:06 +0000
Message-ID: <SJ0PR11MB500667250EAC958D15489AFFDCC29@SJ0PR11MB5006.namprd11.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-reaction: no-action
dlp-version: 11.6.500.15
dlp-product: dlpe-windows
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: be6726d1-93bf-4e78-8693-08da2e387653
x-ms-traffictypediagnostic: SJ1PR11MB6226:EE_
x-microsoft-antispam-prvs: <SJ1PR11MB6226248C9A562003896D3B3FDCC29@SJ1PR11MB6226.namprd11.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: CfaRQoFyvUGT3YquZUheBJ3VROg74HnwzJWvFA38VipSq/UuSh1mBdVgv8NJQEF+sdGvqGL2Dmk1sLguWiJH9lnY+y6ONwnEbSK/ST2kE9bwdhhRUtZFplKDu4Lq4Xe82q8W5BlaThPFMZTI3XVBAqzY0IWHVS4Su6DqNbk4EmnXPf+EVzjCaN0ud99GjwZvEEDRIfUni7D7fSHnIKMQff90R0FLd6TwMVoi06oTH+cqfkZkiR+mYT0RfQYfImYPB0jt1EHyQODosgc2dy7/f7c3RCHfTjHMIau19DHYOc0WtQDboHyZgNL+jLG3CIeAvYuBadGP7d9g1GvIUDeKpBvXZFoWS8LZJQ9/fPBncDtYna0QG4ccfkw0n6lZXY1DLnPXWdmMoj/SSx7uCK4N1pEzj3HDY7J3eC9aQS3+qLIn/VWHvU1djl34GogRjQ6DYgveGOUOmULWT5+UGJV6ADYNrT1iEzBc0es9W4D2GjT7YKq4pBIitCr9c3tumuPovuVkh5tB2/luXw6CjN1ARgKMKIIp2HBI1T4CXmZzjwvioc/l0/zS0JHcvj2j6/RcGXx8ceRhOR9VkVKTLkr3DGqOfkmEof+nAfGvo/LI5mfcDqFFCVIC9/KzODHmObeyYROBBG2XHlASgOCoyavB/otRnhEJHTfM6IOR5yWpRALxXWJXURK6wdyQp/c0np/gQCRBbQzde7dZUoTJf7nXJhnN+2j1wRIPAvKCpk46cEdHTzDtA5C9PRLhEAhBdyE7PUug2sObOfQg8dR51Djj2+4Eu637BBBpBT0iAa5pmL0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:SJ0PR11MB5006.namprd11.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(13230001)(366004)(316002)(166002)(6916009)(86362001)(71200400001)(55016003)(38100700002)(64756008)(83380400001)(66476007)(66446008)(8676002)(76116006)(66946007)(66556008)(33656002)(508600001)(6506007)(9686003)(186003)(966005)(4744005)(52536014)(8936002)(5660300002)(2906002)(7696005)(122000001)(26005)(82960400001)(38070700005);
 DIR:OUT; SFP:1102; 
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?w/Niw6AdsKuYAw33coKrGoSufRSd0XN30H2DsZw1vp1EIhxa4RFB5+bAvEuN?=
 =?us-ascii?Q?1d0AHA8yRAwXDxGtAzYpb3/4CC2TTgi/Uga1OImGaIIQtdcblVFdhdkM6f62?=
 =?us-ascii?Q?QLbsFggYWZy14TCfRjAydLtRSaxEMTLgCzo7FaC7ezytasPyHq2UbAfJw95v?=
 =?us-ascii?Q?dmFxCodecT5QkrIy88NfwpOmu4ig/zMt7UBgSgbC5dB0P5SNmGgzEeELkqzL?=
 =?us-ascii?Q?HyJuCf82BxqLzx8WIQo8c6KQSk9h0xGEN3VGEb1FGy2KxcVkN2OPVev6hbht?=
 =?us-ascii?Q?O5ngP3RfK1KdJtCfLvkLaz03wn5s3Wt6DRSVm5aVFQyDjfBYoVd+vwUg7hiZ?=
 =?us-ascii?Q?hPFk+8cfcWg1IA9s4Gwju2IngFL5Y+h5T0LqKJ8HndF98cfk061+5kkKKOVp?=
 =?us-ascii?Q?vBmEnkhMpKE/2NxOy5bqPoak7/Pn3FUvqttBcPKaCUY/EQyCsIUALptWw5xm?=
 =?us-ascii?Q?22TiTAB8jO0rzzaZ62gdfrg5s2wqqESZ+15wQYO+tp0OlaYHicAyZmZpz9sd?=
 =?us-ascii?Q?1HC2iog0tUxVtUdM+6GAVeWbLeMe/QAClKXNmh/zBwGVR8eQR2x4ZPtOBmTj?=
 =?us-ascii?Q?dSOAplJksMYPFnZNLAVtr1nhYpoWTQqAj8Gmr/+cvW+swqVF5tY1s2J6T8Rc?=
 =?us-ascii?Q?FQNsQS1YLb5SWmYe91I5aymgF8UciCRUD7qav2ZyKt2y/XgxTHBWF4ItQQGr?=
 =?us-ascii?Q?I7PQOqB4Pbupr2xbd8qdKYYXmioMkQfIXym/NA2Zkpx7Ug0ngOHC9fw7MYCJ?=
 =?us-ascii?Q?2yoNdpm+KYdECT9Fh3XMfhShudnKUiNLerVpKWNLlcbKuoSdp/EghDvlQ7aj?=
 =?us-ascii?Q?dlVU2F6UrfgF4qChxVRswuhUsEUGTrjwLnKIVEneKC5rrBsNLJs7w6Lk4v+5?=
 =?us-ascii?Q?tCrvcStBE7FZieF8HsMr4l0MQEWo13qPT55tgtv4+jbEwDYjKdbRqfiqpH6n?=
 =?us-ascii?Q?UDOvVLhTIYv1CEFUkSIidI0K33seHf6gvjwBbQWGJyqo9U7hUBJ09AFToBmq?=
 =?us-ascii?Q?Xb390mGFLDQu2KBnAbK0Y6kDDbaCEXga/5MpPQo7Tmh+MArED8xE5/eLXwuw?=
 =?us-ascii?Q?iybwuoI71WTHogmoyodYe5lpGcZS2ZIxBtoE8uYhMQVaaO+3SxG7mQsHEcl1?=
 =?us-ascii?Q?/+0/DjpHmKReB2iee3VvlZWWfobIvltVCkhk39nd0i/CRJtAWBsXfiiJD4Mk?=
 =?us-ascii?Q?WYi4zrN2GnVV8lB5oy7QTdW6LXbn1Zf0wQWE75iSAy/m5b0JwO2f6BCixbl1?=
 =?us-ascii?Q?X1SpaTmxhsiDlymf3GxaRxlxqDJVKBL3tkiNtdopjTVXB8btSnHA9iu1jm1a?=
 =?us-ascii?Q?XdCTMkWbUlYfwVU5c2vHzsMd3ExYnf7wB+FfbBy/HtpvrYSVb1R9HTj0t0fQ?=
 =?us-ascii?Q?PqX0/FHOJbuZlLr/4ULsjCHsQPXjVbAj31aLRO9xUw8B0KR5rRMMzb4gb5R/?=
 =?us-ascii?Q?tgqPDrhPYLWBk53FZHLPkgPlZBKbsyJNey4ZTunGEi1pc+sYLBxMzYmP1O++?=
 =?us-ascii?Q?AZtNyJE4/n1m1li3pEUMiODvmtrqcI0vLeUwM2WXjYDBepGLULBrwovAN2ab?=
 =?us-ascii?Q?nHHjI/jA0N5EdXpV2G5dtdLOEsCVRYlZNhkVrKFaNIeajNFjjRka9ll42yZh?=
 =?us-ascii?Q?nT9qWOg7cJv9OgiWkcXjTvWcMqkae60+GpYG1bI+WgbRzjb4m+WJJjFggdg5?=
 =?us-ascii?Q?q6cu4hCG9UEtB6blYPQUhVUoys/aYdkDXzh53YpAE+C0rxRZWu0t2N9EkXeu?=
 =?us-ascii?Q?n0FvOPbPPQ=3D=3D?=
Content-Type: multipart/alternative;
 boundary="_000_SJ0PR11MB500667250EAC958D15489AFFDCC29SJ0PR11MB5006namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR11MB5006.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: be6726d1-93bf-4e78-8693-08da2e387653
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 May 2022 01:42:06.4112 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: aAC0+eStyAd2nAyncJ/kefjPts7v4n4gB09uXv6j1ZT9jwU3/sd9Oa1Nxk179OkWtiXWQKD+KIMYLjN/pmz3DA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR11MB6226
X-OriginatorOrg: intel.com
X-Mailman-Approved-At: Mon, 09 May 2022 19:51:08 +0200
X-BeenThere: announce@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK announcements <announce.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/announce>,
 <mailto:announce-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/announce/>
List-Post: <mailto:announce@dpdk.org>
List-Help: <mailto:announce-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/announce>,
 <mailto:announce-request@dpdk.org?subject=subscribe>
Errors-To: announce-bounces@dpdk.org

--_000_SJ0PR11MB500667250EAC958D15489AFFDCC29SJ0PR11MB5006namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

A vulnerability was fixed in DPDK.
Some downstream stakeholders were warned in advance
in order to coordinate the release of fixes
and reduce the vulnerability window.

In DPDK Vhost communication, we didn't test if msg->payload.inflight.num_qu=
eues is out of bounds in function 'vhost_user_set_inflight_fd()', and could=
 cause the program to write OOB.

Commits: 6442c329b9d2 on the main branch

CVE: CVE-2021-3839
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=3D657
Severity: 5.2 (Medium)
CVSS scores: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L


--_000_SJ0PR11MB500667250EAC958D15489AFFDCC29SJ0PR11MB5006namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:DengXian;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:"\@DengXian";
	panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72" style=3D"word-wrap:=
break-word">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">A vulnerability was fixed in DPDK.<o:p></o:p></p>
<p class=3D"MsoNormal">Some downstream stakeholders were warned in advance<=
o:p></o:p></p>
<p class=3D"MsoNormal">in order to coordinate the release of fixes<o:p></o:=
p></p>
<p class=3D"MsoNormal">and reduce the vulnerability window.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">In DPDK Vhost communication, we didn't test if msg-&=
gt;payload.inflight.num_queues is out of bounds in function &#8216;vhost_us=
er_set_inflight_fd()&#8217;, and could cause the program to write OOB.<o:p>=
</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Commits: 6442c329b9d2 on the main branch<o:p></o:p><=
/p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">CVE: CVE-2021-3839<o:p></o:p></p>
<p class=3D"MsoNormal">Bugzilla: <a href=3D"https://bugs.dpdk.org/show_bug.=
cgi?id=3D657">
https://bugs.dpdk.org/show_bug.cgi?id=3D657</a><o:p></o:p></p>
<p class=3D"MsoNormal">Severity: 5.2 (Medium)<o:p></o:p></p>
<p class=3D"MsoNormal">CVSS scores: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L=
<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_SJ0PR11MB500667250EAC958D15489AFFDCC29SJ0PR11MB5006namp_--