From: Thomas Monjalon
To: announce@dpdk.org
Cc: security@dpdk.org, oss-security@lists.openwall.com
Subject: CVE-2022-2132 disclosure
Date: Mon, 29 Aug 2022 20:12:18 +0200
Message-ID: <1705193.jNaZZp9DzI@thomas>

A vulnerability was fixed in DPDK.
Some downstream stakeholders were warned in advance
in order to coordinate the release of fixes
and reduce the vulnerability window.

In the copy_desc_to_mbuf() function, the Vhost header was assumed
not to span more than two descriptors.
If a malicious guest sends a packet with the Vhost header crossing
more than two descriptors, buf_avail will be a very large number near 4G.
All the mbufs will be allocated, therefore other guests' traffic will be blocked.
A malicious guest can cause denial of service for the other guest
running on the hypervisor.

CVE: CVE-2022-2132
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=1031
Severity: 8.6 (High)
CVSS scores: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Commits per branch:
main
    https://git.dpdk.org/dpdk/commit/?id=71bd0cc536
    https://git.dpdk.org/dpdk/commit/?id=dc1516e260
21.11
    https://git.dpdk.org/dpdk-stable/commit/?id=f167022606
    https://git.dpdk.org/dpdk-stable/commit/?id=e12d415556
20.11
    https://git.dpdk.org/dpdk-stable/commit/?id=8fff8520f3
    https://git.dpdk.org/dpdk-stable/commit/?id=089e01b375
19.11
    https://git.dpdk.org/dpdk-stable/commit/?id=5b3c25e6ee
    https://git.dpdk.org/dpdk-stable/commit/?id=e73049ea26

LTS Releases:
    21.11 - http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
    20.11 - http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz
    19.11 - http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz
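
The arithmetic behind the "near 4G" value described above, as an added example that is not DPDK's code and not part of the original message: a simplified C model comparing a header skip that assumes the header ends in the second descriptor with one that walks the whole chain and rejects chains holding no payload. The 12-byte header size, the descriptor-length arrays and both function names are assumptions of this model, and buf_avail is taken to be an unsigned 32-bit count.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define HDR_LEN 12u /* assumed header size for this model */

/* Two-descriptor assumption: the header is taken to end in len[1], so the
 * bytes still to skip are subtracted from len[1] unchecked. Needs n >= 2. */
static uint32_t avail_two_desc(const uint32_t *len, size_t n)
{
    (void)n;
    if (len[0] < HDR_LEN) {
        uint32_t off = HDR_LEN - len[0]; /* header bytes left to skip */
        return len[1] - off;             /* wraps when len[1] < off */
    }
    return len[0] - HDR_LEN;
}

/* Checked variant: reject chains that hold no payload, then skip the header
 * across as many descriptors as it occupies. Returns 0 on success, -1 if
 * the chain is rejected. */
static int avail_checked(const uint32_t *len, size_t n, uint32_t *avail)
{
    uint64_t total = 0;
    uint32_t left = HDR_LEN;
    size_t i;
    for (i = 0; i < n; i++)
        total += len[i];
    if (total <= HDR_LEN)
        return -1;
    for (i = 0; i < n; i++) {
        if (len[i] > left) {
            *avail = len[i] - left; /* payload bytes in this descriptor */
            return 0;
        }
        left -= len[i];
    }
    return -1;
}

int main(void)
{
    /* Constructed chain: the 12-byte header spans three descriptors. */
    const uint32_t chain[] = { 4, 4, 4, 100 };
    uint32_t avail = 0;
    int rc = avail_checked(chain, 4, &avail);
    printf("assumed: %u\n", (unsigned)avail_two_desc(chain, 4));
    printf("checked: rc=%d avail=%u\n", rc, (unsigned)avail);
    return 0;
}
```

On the constructed chain the unchecked subtraction wraps to a value just under 2^32, while the checked variant reports the 100 payload bytes of the fourth descriptor; both agree on a chain where the header ends in the second descriptor.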