From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2A65EA0093 for ; Mon, 18 May 2020 16:50:10 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id B193D1D171; Mon, 18 May 2020 16:50:09 +0200 (CEST) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id 19CDB1D146; Mon, 18 May 2020 16:50:06 +0200 (CEST) IronPort-SDR: Nes8SXvhUCR9ek/O3qTQahwenIB8Q3f4C7jdt9FDUL7wCBpMr7M8vJ+B27lbubO0PZW8MnFdRp 2uXvhH6Llk9g== X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 May 2020 07:50:06 -0700 IronPort-SDR: sP0MtIQbFem8UZFz7qTM+oi0+sovb8Nb1IwlOqdKK72SWvRYS84T4VvTgUTVOjZc3SyY7krpcL Wd9h702WEovg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,407,1583222400"; d="asc'?scan'208";a="252914768" Received: from fyigit-mobl.ger.corp.intel.com (HELO [10.213.193.210]) ([10.213.193.210]) by orsmga007.jf.intel.com with ESMTP; 18 May 2020 07:50:04 -0700 From: Ferruh Yigit To: dpdk-announce Cc: security@dpdk.org, security-prerelease@dpdk.org, oss-security@lists.openwall.com, dpdk-dev Autocrypt: addr=ferruh.yigit@intel.com; keydata= mQINBFXZCFABEADCujshBOAaqPZpwShdkzkyGpJ15lmxiSr3jVMqOtQS/sB3FYLT0/d3+bvy qbL9YnlbPyRvZfnP3pXiKwkRoR1RJwEo2BOf6hxdzTmLRtGtwWzI9MwrUPj6n/ldiD58VAGQ +iR1I/z9UBUN/ZMksElA2D7Jgg7vZ78iKwNnd+vLBD6I61kVrZ45Vjo3r+pPOByUBXOUlxp9 GWEKKIrJ4eogqkVNSixN16VYK7xR+5OUkBYUO+sE6etSxCr7BahMPKxH+XPlZZjKrxciaWQb +dElz3Ab4Opl+ZT/bK2huX+W+NJBEBVzjTkhjSTjcyRdxvS1gwWRuXqAml/sh+KQjPV1PPHF YK5LcqLkle+OKTCa82OvUb7cr+ALxATIZXQkgmn+zFT8UzSS3aiBBohg3BtbTIWy51jNlYdy ezUZ4UxKSsFuUTPt+JjHQBvF7WKbmNGS3fCid5Iag4tWOfZoqiCNzxApkVugltxoc6rG2TyX CmI2rP0mQ0GOsGXA3+3c1MCdQFzdIn/5tLBZyKy4F54UFo35eOX8/g7OaE+xrgY/4bZjpxC1 1pd66AAtKb3aNXpHvIfkVV6NYloo52H+FUE5ZDPNCGD0/btFGPWmWRmkPybzColTy7fmPaGz cBcEEqHK4T0aY4UJmE7Ylvg255Kz7s6wGZe6IR3N0cKNv++O7QARAQABtCVGZXJydWggWWln aXQgPGZlcnJ1aC55aWdpdEBpbnRlbC5jb20+iQJsBBMBCgBWAhsDAh4BAheABQsJCAcDBRUK CQgLBRYCAwEABQkKqZZ8FiEE0jZTh0IuwoTjmYHH+TPrQ98TYR8FAl6ha3sXGHZrczovL2tl eXMub3BlbnBncC5vcmcACgkQ+TPrQ98TYR8uLA//QwltuFliUWe60xwmu9sY38c1DXvX67wk UryQ1WijVdIoj4H8cf/s2KtyIBjc89R254KMEfJDao/LrXqJ69KyGKXFhFPlF3VmFLsN4XiT PSfxkx8s6kHVaB3O183p4xAqnnl/ql8nJ5ph9HuwdL8CyO5/7dC/MjZ/mc4NGq5O9zk3YRGO lvdZAp5HW9VKW4iynvy7rl3tKyEqaAE62MbGyfJDH3C/nV/4+mPc8Av5rRH2hV+DBQourwuC ci6noiDP6GCNQqTh1FHYvXaN4GPMHD9DX6LtT8Fc5mL/V9i9kEVikPohlI0WJqhE+vQHFzR2 1q5nznE+pweYsBi3LXIMYpmha9oJh03dJOdKAEhkfBr6n8BWkWQMMiwfdzg20JX0o7a/iF8H 4dshBs+dXdIKzPfJhMjHxLDFNPNH8zRQkB02JceY9ESEah3wAbzTwz+e/9qQ5OyDTQjKkVOo cxC2U7CqeNt0JZi0tmuzIWrfxjAUulVhBmnceqyMOzGpSCQIkvalb6+eXsC9V1DZ4zsHZ2Mx Hi+7pCksdraXUhKdg5bOVCt8XFmx1MX4AoV3GWy6mZ4eMMvJN2hjXcrreQgG25BdCdcxKgqp e9cMbCtF+RZax8U6LkAWueJJ1QXrav1Jk5SnG8/5xANQoBQKGz+yFiWcgEs9Tpxth15o2v59 gXK5Ag0EV9ZMvgEQAKc0Db17xNqtSwEvmfp4tkddwW9XA0tWWKtY4KUdd/jijYqc3fDD54ES YpV8QWj0xK4YM0dLxnDU2IYxjEshSB1TqAatVWz9WtBYvzalsyTqMKP3w34FciuL7orXP4Ai bPtrHuIXWQOBECcVZTTOdZYGAzaYzxiAONzF9eTiwIqe9/oaOjTwTLnOarHt16QApTYQSnxD UQljeNvKYt1lZE/gAUUxNLWsYyTT+22/vU0GDUahsJxs1+f1yEr+OGrFiEAmqrzpF0lCS3f/ 3HVTU6rS9cK3glVUeaTF4+1SK5ZNO35piVQCwphmxa+dwTG/DvvHYCtgOZorTJ+OHfvCnSVj sM4kcXGjJPy3JZmUtyL9UxEbYlrffGPQI3gLXIGD5AN5XdAXFCjjaID/KR1c9RHd7Oaw0Pdc q9UtMLgM1vdX8RlDuMGPrj5sQrRVbgYHfVU/TQCk1C9KhzOwg4Ap2T3tE1umY/DqrXQgsgH7 1PXFucVjOyHMYXXugLT8YQ0gcBPHy9mZqw5mgOI5lCl6d4uCcUT0l/OEtPG/rA1lxz8ctdFB VOQOxCvwRG2QCgcJ/UTn5vlivul+cThi6ERPvjqjblLncQtRg8izj2qgmwQkvfj+h7Ex88bI 8iWtu5+I3K3LmNz/UxHBSWEmUnkg4fJlRr7oItHsZ0ia6wWQ8lQnABEBAAGJAjwEGAEKACYC GwwWIQTSNlOHQi7ChOOZgcf5M+tD3xNhHwUCXqFrngUJCKxSYAAKCRD5M+tD3xNhH3YWD/9b cUiWaHJasX+OpiuZ1Li5GG3m9aw4lR/k2lET0UPRer2Jy1JsL+uqzdkxGvPqzFTBXgx/6Byz EMa2mt6R9BCyR286s3lxVS5Bgr5JGB3EkpPcoJT3A7QOYMV95jBiiJTy78Qdzi5LrIu4tW6H o0MWUjpjdbR01cnj6EagKrDx9kAsqQTfvz4ff5JIFyKSKEHQMaz1YGHyCWhsTwqONhs0G7V2 0taQS1bGiaWND0dIBJ/u0pU998XZhmMzn765H+/MqXsyDXwoHv1rcaX/kcZIcN3sLUVcbdxA WHXOktGTQemQfEpCNuf2jeeJlp8sHmAQmV3dLS1R49h0q7hH4qOPEIvXjQebJGs5W7s2vxbA 5u5nLujmMkkfg1XHsds0u7Zdp2n200VC4GQf8vsUp6CSMgjedHeF9zKv1W4lYXpHp576ZV7T GgsEsvveAE1xvHnpV9d7ZehPuZfYlP4qgo2iutA1c0AXZLn5LPcDBgZ+KQZTzm05RU1gkx7n gL9CdTzVrYFy7Y5R+TrE9HFUnsaXaGsJwOB/emByGPQEKrupz8CZFi9pkqPuAPwjN6Wonokv ChAewHXPUadcJmCTj78Oeg9uXR6yjpxyFjx3vdijQIYgi5TEGpeTQBymLANOYxYWYOjXk+ae dYuOYKR9nbPv+2zK9pwwQ2NXbUBystaGyQ== Message-ID: Date: Mon, 18 May 2020 15:49:58 +0100 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="87UjkjaXWJluisIzTxqdGHzIrq9BpVGw2" Subject: [dpdk-announce] DPDK security advisory for multiple vhost related issues X-BeenThere: announce@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK announcements List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: announce-bounces@dpdk.org Sender: "announce" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --87UjkjaXWJluisIzTxqdGHzIrq9BpVGw2 Content-Type: multipart/mixed; boundary="diJoil16XqfP3NHqW1RABR0D396lUiIHe"; protected-headers="v1" From: Ferruh Yigit To: dpdk-announce Cc: security@dpdk.org, security-prerelease@dpdk.org, oss-security@lists.openwall.com, dpdk-dev Message-ID: Subject: DPDK security advisory for multiple vhost related issues --diJoil16XqfP3NHqW1RABR0D396lUiIHe Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable A set of vulnerabilities fixed in DPDK: - CVE-2020-10722 - CVE-2020-10723 - CVE-2020-10724 - CVE-2020-10725 - CVE-2020-10726 Some downstream stakeholders were warned in advance in order to coordinat= e the release of fixes and reduce the vulnerability window. Problem: A malicious guess/container can cause resource leak resulting a Denial-of-Service, or memory corruption and crash, or information leak in= vhost-user backend application. All users of the vhost library are strongly encouraged to upgrade as soon= as possible. Thanks to the reporters, all credit goes to them: Ilja Van Sprundel Marvin Liu Xiaolong Ye Stable Releases download links: DPDK 20.02.1 http://fast.dpdk.org/rel/dpdk-20.02.1.tar.xz DPDK 18.11.8 (LTS) http://fast.dpdk.org/rel/dpdk-18.11.8.tar.xz DPDK 19.11.2 (LTS) http://fast.dpdk.org/rel/dpdk-19.11.2.tar.xz Details: CVE-2020-10722 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=3D267 Severity: 5.1 (Medium) CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H Summary: DPDK librte_vhost: Interger overflow in vhost_user_set_log_base(= ) Reporter: Ilja Van Sprundel CVE-2020-10723 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=3D268 Severity: 5.1 (Medium) CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H Summary: DPDK librte_vhost: Integer truncation in vhost_user_check_and_alloc_queue_pair() Reporter: Ilja Van Sprundel CVE-2020-10724 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=3D269 Severity: 5.1 (Medium) CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H Summary: DPDK librte_vhost: Missing inputs validation in Vhost-crypto Reporter: Ilja Van Sprundel CVE-2020-10725 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=3D270 Severity: 7.7 (High) CVSS scores: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Summary: DPDK librte_vhost: Malicious guest could cause segfault by sendi= ng invalid Virtio descriptor Reporter: Marvin Liu CVE-2020-10726 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=3D271 Severity: 6.0 (Medium) CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Summary: DPDK librte_vhost: VHOST_USER_GET_INFLIGHT_FD message flooding t= o result in a DOS Reporter: Marvin Liu & Xiaolong Ye Commits: main repo https://git.dpdk.org/dpdk/commit/?id=3D3ae4beb079ce https://git.dpdk.org/dpdk/commit/?id=3Dc78d94189dce https://git.dpdk.org/dpdk/commit/?id=3Dacd4c92fa693 https://git.dpdk.org/dpdk/commit/?id=3D97ecc1c85c95 https://git.dpdk.org/dpdk/commit/?id=3D549de54c4f9f https://git.dpdk.org/dpdk/commit/?id=3De7debf602633 DPDK 20.02.1 https://git.dpdk.org/dpdk-stable/commit/?h=3D20.02&id=3D0545a19f5b99 https://git.dpdk.org/dpdk-stable/commit/?h=3D20.02&id=3Ddca5d97491b4 https://git.dpdk.org/dpdk-stable/commit/?h=3D20.02&id=3D64a4d90c673e https://git.dpdk.org/dpdk-stable/commit/?h=3D20.02&id=3D47791d99afe4 https://git.dpdk.org/dpdk-stable/commit/?h=3D20.02&id=3D74b0c5db0f1e https://git.dpdk.org/dpdk-stable/commit/?h=3D20.02&id=3Da827e27d81cc DPDK 18.11.8 (LTS) https://git.dpdk.org/dpdk-stable/commit/?h=3D18.11&id=3D338f5eae5de73 https://git.dpdk.org/dpdk-stable/commit/?h=3D18.11&id=3Dd87b67f57ef93 https://git.dpdk.org/dpdk-stable/commit/?h=3D18.11&id=3D5e4bc0f0e1e48 DPDK 19.11.2 (LTS) https://git.dpdk.org/dpdk-stable/commit/?h=3D19.11&id=3D2cf9c470ebff https://git.dpdk.org/dpdk-stable/commit/?h=3D19.11&id=3D8e9652b0b616 https://git.dpdk.org/dpdk-stable/commit/?h=3D19.11&id=3D963b6eea05f3 https://git.dpdk.org/dpdk-stable/commit/?h=3D19.11&id=3Dcd0ea71bb6a7 https://git.dpdk.org/dpdk-stable/commit/?h=3D19.11&id=3D95e1f29c2677 https://git.dpdk.org/dpdk-stable/commit/?h=3D19.11&id=3Dc9c630a117cf --=20 DPDK Security Team http://core.dpdk.org/security/ --diJoil16XqfP3NHqW1RABR0D396lUiIHe-- --87UjkjaXWJluisIzTxqdGHzIrq9BpVGw2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE0jZTh0IuwoTjmYHH+TPrQ98TYR8FAl7CoJsACgkQ+TPrQ98T YR8Y0hAAmz+ayo/rqtz8C5R2jwXrNY3oBF9hlgSKeCogYp4sPJ7N7NZQk2FGGaNJ ITCS0Of75Id3eafnUYzoBfbVpPnT7u8TJAYCiMc+vfZWjq/sipevMVx5jZMTCVej 1wKqk0arpHcuACz4sisb6+Uaysp7QVS1R31WTsvbmJKV/Zz9+p14QZVjV6vc0rpc xzh5ZvMkV4JTRhivj0c+nXmLxsLwQf4FyjzufbyJ8uKtRSKmSl7S4HBC2cqD57nD 2M/XNL8axGLNS+z1becVgdHyFMSsOT+CJeSfZtPWxcYCzAGRUq+a8lgmGLFEfzvB ohH/JszjqwAB/aYRKBM3e0Xuh2n2j4NTU2/HYf6ORkr6UldKY/neGrUUJamCUe1T LyNlxV9fgGVA6Nx3WEdPPSh0TnGRtmhDcwCHgSGXguhsc7RCK9m9wyedF10w+IOf wG69r4kKXRjBGoEFg/PSOxqMthAnwDak0MKLlpcaH21rCXbNeK4gLdnCoIy8iDEY 9FbILZy3v767c4y9m/aRydUhCSb9mVdAFZSyJsmiuf3Eq+9/Ad65PLIn/CdJ18Zt 9RCWhPGwPbPs/5E6gdKRSDJRTvGz/QFV+KTneKuiuCwN17OzNoRUJIr9nGpjsND7 8WI3S06Vdd+aZeyRJQQM/v6cKhoItLewrfTlyvn/eIGqp3PotRM= =Zq9F -----END PGP SIGNATURE----- --87UjkjaXWJluisIzTxqdGHzIrq9BpVGw2--