From: David Marchand <david.marchand@redhat.com>
To: Maxime Coquelin <maxime.coquelin@redhat.com>, dev@dpdk.org
Cc: Jason Wang <jasowang@redhat.com>
Subject: Re: [dpdk-dev] [master PATCH v2 1/2] vhost: fix possible denial of service on SET_VRING_NUM
Date: Tue, 12 Nov 2019 16:23:06 +0100 [thread overview]
Message-ID: <31404217-32f8-4c43-d3b4-6fdf9bf43a31@redhat.com> (raw)
In-Reply-To: <20191112151935.27518-1-maxime.coquelin@redhat.com>
On 12/11/2019 16:19, Maxime Coquelin wrote:
> vhost_user_set_vring_num() performs multiple allocations
> without checking whether data were previously allocated.
>
> It may cause a denial of service because of the memory leaks
> that happen if a malicious vhost-user master keeps sending
> VHOST_USER_SET_VRING_NUM request until the slave runs out
> of memory.
>
> This issue has been assigned CVE-2019-14818
>
> Fixes: b0a985d1f340 ("vhost: add dequeue zero copy")
>
> Reported-by: Jason Wang <jasowang@redhat.com>
> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Applied, thanks.
--
David Marchand
next prev parent reply other threads:[~2019-11-12 15:23 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-12 15:15 [dpdk-dev] DPDK security advisory: CVE-2019-14818 Ferruh Yigit
2019-11-12 15:18 ` [dpdk-dev] [v16.11 PATCH v2 1/4] vhost: validate virtqueue size Maxime Coquelin
2019-11-12 15:18 ` [dpdk-dev] [v16.11 PATCH v2 2/4] vhost: add number of fds to vhost-user messages Maxime Coquelin
2019-11-12 15:18 ` [dpdk-dev] [v16.11 PATCH v2 3/4] vhost: fix possible denial of service on SET_VRING_NUM Maxime Coquelin
2019-11-12 15:18 ` [dpdk-dev] [v16.11 PATCH v2 4/4] vhost: fix possible denial of service by leaking FDs Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [v17.11 PATCH v2 1/4] vhost: validate virtqueue size Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [v17.11 PATCH v2 2/4] vhost: add number of fds to vhost-user messages Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [v17.11 PATCH v2 3/4] vhost: fix possible denial of service on SET_VRING_NUM Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [v17.11 PATCH v2 4/4] vhost: fix possible denial of service by leaking FDs Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [v18.11 PATCH v2 1/2] vhost: fix possible denial of service on SET_VRING_NUM Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [v18.11 PATCH v2 2/2] vhost: fix possible denial of service by leaking FDs Maxime Coquelin
2019-11-12 15:29 ` [dpdk-dev] [dpdk-stable] " Kevin Traynor
2019-11-12 15:29 ` [dpdk-dev] [dpdk-stable] [v18.11 PATCH v2 1/2] vhost: fix possible denial of service on SET_VRING_NUM Kevin Traynor
2019-11-12 15:19 ` [dpdk-dev] [master " Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [master PATCH v2 2/2] vhost: fix possible denial of service by leaking FDs Maxime Coquelin
2019-11-12 15:23 ` David Marchand
2019-11-12 15:23 ` David Marchand [this message]
2019-11-12 15:35 ` [dpdk-dev] DPDK security advisory: CVE-2019-14818 Ferruh Yigit
2019-11-14 11:25 ` [dpdk-dev] [dpdk-security] " Ferruh Yigit
2019-11-15 18:19 ` Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=31404217-32f8-4c43-d3b4-6fdf9bf43a31@redhat.com \
--to=david.marchand@redhat.com \
--cc=dev@dpdk.org \
--cc=jasowang@redhat.com \
--cc=maxime.coquelin@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).