From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C242FA0542; Mon, 29 Aug 2022 19:55:27 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8CC2541140; Mon, 29 Aug 2022 19:55:24 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1E1864069D; Mon, 29 Aug 2022 19:55:23 +0200 (CEST) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) by mails.dpdk.org (Postfix) with ESMTP id A63784003C for ; Mon, 29 Aug 2022 19:55:21 +0200 (CEST) Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 00D975C00FC; Mon, 29 Aug 2022 13:55:21 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Mon, 29 Aug 2022 13:55:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:sender:subject :subject:to:to; s=fm1; t=1661795720; x=1661882120; bh=o0QQ+CYUkY 0JBM5LJleTev3PrUZieipjs772V66YA1U=; b=eSnXBGZNl9Nzsch9KNTFE3CiKf /9iUpB4uWOuxa2/xSbP4cKC14DFMZgP+jo9Xr8meFAEmwjjfb+u4NtFo2MM68G+Z /ebI0SOJP9KCiSbQPgYuSMrSoHtEvQCaNJiB1D+PoVBawzZyYTbd3W60pgehSe6r +c95FMS20FDJCpOp6YwQz2KZ/JHLgbf+792hTi8uuiySjMcID3iJc0b90W1FgfU6 ToG3E70MYCG1Vua7vYR6d+WqEW8krfwke9C/elUeIGf+QkZwEhN8jncw1HJ2LOr/ 5IX8Amq6eAb1FP5ZYzGT0CJJ6mOaF28e6t+Tn750Q2kyg0v0GL2gK2dI+AsA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:message-id:mime-version:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; t=1661795720; x=1661882120; bh=o0QQ+CYUkY0JB M5LJleTev3PrUZieipjs772V66YA1U=; b=k8KjYsu4ouGts7aIW/DDxAkoeKHm2 /Rl0MMxuXFyWMO+HmPqyAI3Bve5yqla4tJ0zyOPZrYNtd1W2nxb29gGE3IUr5bNn ocFULGK4NRm8pAC2gknGQgR5iKxoiZjVedqhI/LPf6JWdQlXCJdKYeABl0MddHlY 7ru1C4EhZVgFw3vOsE+ewSZODW96jUEzByL0wmS0QzZMcwgVlKjGK1i8R9w3AzX+ rjj+abBYvICZNv7+xI/cYNlpznTK/14sCKm5bJAD81RpwkQ3Uj/VxhxTXHGDazmR 4NzNk0rwZYKR+TDOwo8mgNbd4n5hi3hXPEyyOIpcK2/MHWiHs7JPyZAZA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrvdekuddguddvtdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkggfgtgesthfure dttddtvdenucfhrhhomhepvfhhohhmrghsucfoohhnjhgrlhhonhcuoehthhhomhgrshes mhhonhhjrghlohhnrdhnvghtqeenucggtffrrghtthgvrhhnpeeuhedtudelvdekffekud duiefftdekhfelgffggeeifffhvdekvddvgffhteelffenucffohhmrghinhepughpughk rdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomh epthhhohhmrghssehmohhnjhgrlhhonhdrnhgvth X-ME-Proxy: Feedback-ID: i47234305:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 29 Aug 2022 13:55:19 -0400 (EDT) From: Thomas Monjalon To: announce@dpdk.org Cc: oss-security@lists.openwall.com Subject: CVE-2022-28199 disclosure Date: Mon, 29 Aug 2022 19:55:17 +0200 Message-ID: <16136472.hlxOUv9cDv@thomas> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-BeenThere: announce@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list X-BeenThere: dev@dpdk.org List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org A vulnerability was fixed in DPDK. Some downstream stakeholders were warned in advance in order to coordinate the release of fixes and reduce the vulnerability window. When having a failure with the mlx5 driver, the error recovery was not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. CVE: CVE-2022-28199 Severity: 6.5 CVSS scores: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Commits per branch: main - https://git.dpdk.org/dpdk/commit/?id=60b254e392 21.11 - https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd323 20.11 - https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d2 19.11 - https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664 LTS Releases: 21.11 - http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz 20.11 - http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz 19.11 - http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz