From: "Jiang, Cheng1"
To: "dev@dpdk.org"
Subject: 2022 DPDK CVE Summary Report
Date: Mon, 29 May 2023 14:27:31 +0000

Hi folks,

I made a summary report regarding the 2022 DPDK CVE issues. In this report, we will discuss the CVE[i] issues that have been fixed in 2022.

A total of 4 CVEs were reported and addressed in 2022; details are as below.

1. CVE-2021-3839 - Link: https://access.redhat.com/security/cve/CVE-2021-3839
Description: A flaw was discovered in DPDK's Vhost library. The function vhost_user_set_inflight_fd() does not validate msg->payload.inflight.num_queues, which could result in an out-of-bounds memory read/write.
CVSS score: 7.5 (Moderate Impact).
Impact: Any software that uses DPDK's Vhost library could experience crashes due to this vulnerability.
Reported-by: Wenxiang Qian.
Solution: We fixed this issue by adding proper validation checks and ensuring that it does not exceed the maximum number of supported queues.

2. CVE-2022-0669 - Link: https://access.redhat.com/security/cve/CVE-2022-0669
Description: A flaw was discovered in DPDK which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages. By sending such messages continuously, the primary vhost-user exhausts available fd in the vhost-user standby process, leading to a denial of service.
CVSS score: 6.5 (Moderate Impact).
Impact: This vulnerability could cause a denial of service (DoS).
Reported-by: David Marchand.
Solution: We limited the number of fds that can be attached as ancillary data to the above messages and ensure their proper closing after use.

3. CVE-2022-2132 - Link: https://access.redhat.com/security/cve/CVE-2022-2132
Description: A flaw was detected in DPDK, which permits a remote attacker to create a denial of service through a crafted Vhost header. The copy_desc_to_mbuf() function assumed that the Vhost header doesn't cross more than two descriptors, but if a malicious entity sends a packet with a Vhost header that crosses more than two descriptors, the buf_avail value becomes very large near 4G, leading to blocking of other guest traffic and denial of service.
CVSS score: 8.6 (Important Impact).
Impact: This vulnerability could cause a denial of service (DoS).
Reported-by: Cong Wang.
Solution: We fixed this by checking the Vhost header length to ensure it does not exceed two descriptors.

4. CVE-2022-28199 - Link: https://access.redhat.com/security/cve/CVE-2022-28199
Description: The DPDK package has a vulnerability that can cause denial of service (DoS) attacks resulting in system unavailability. When facing a failure with the mlx5 driver, the error recovery is not handled properly, which allows remote attackers to cause DoS and some impact to data integrity and confidentiality.
CVSS score: 6.5 (Moderate Impact).
Impact: This vulnerability could cause DoS and some impact to data integrity and confidentiality.
Reported-by: Thomas Monjalon.
Solution: We improved the error recovery mechanism for the mlx5 driver to handle failures properly.

In summary, 3 Moderate Impact CVEs and 1 Important Impact CVE in DPDK were reported and addressed in 2022. Our top priority is delivering high-quality, secure software to our customers and partners. Our commitment to this goal remains unchanged. If you have any questions or feedback, please do not hesitate to contact us.

The Security Team can be reached via security@dpdk.org.

For any security report, messages should be encrypted with the following GPG keys:

* 213127A63D9087C9 - Cheng Jiang
* 80A77F6095CDE47E - Stephen Hemminger
* 683000CC50B9E390 - Thomas Monjalon

Last but not least, I would like to extend our sincere gratitude to everyone involved in the timely identification and remediation of these security issues. Without the diligent efforts of our developers, testers, and security researchers, issues like these could have gone unnoticed and caused harm. By working together as a community, we were able to solve these CVEs promptly and will continue enhancing our systems and software to prevent future vulnerabilities. Thank you all again for your dedication and support. Let's keep working to build secure and trustworthy technologies for the benefit of all.

Best Regards,
Cheng

________________________________

[i] CVE is an acronym for Common Vulnerabilities and Exposures, which is a database featuring publicly disclosed information security issues. Each vulnerability listed in CVE has a unique identification number. CVE serves as a dependable and convenient way for academics, enterprises, vendors, and other interested parties to exchange information about cyber security issues.
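
The unsigned wrap-around behind the CVE-2022-2132 description, as an added example that is not part of the original message and is neither DPDK's code nor its patch: a simplified model in which a descriptor chain is an array of buffer lengths. `HDR_LEN`, the function names and the sample chains are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not DPDK source: a descriptor chain is an array of
 * buffer lengths, and HDR_LEN is an assumed header size. */
#define HDR_LEN 12u

/* Constructed sample chains. */
static const uint32_t chain_ok[]  = { 4, 1500 };        /* header ends in 2nd */
static const uint32_t chain_bad[] = { 4, 4, 4, 1500 };  /* header needs 3 */

/* Unchecked pattern: assumes the header ends within the second descriptor. */
uint32_t buf_avail_unchecked(const uint32_t *desc_len, size_t n)
{
    uint32_t buf_len = desc_len[0];
    uint32_t buf_offset = HDR_LEN;

    if (buf_len < HDR_LEN && n > 1) {
        buf_offset = HDR_LEN - buf_len;  /* header bytes left to skip */
        buf_len = desc_len[1];
    }
    return buf_len - buf_offset;         /* unsigned: wraps if offset > len */
}

/* Checked pattern: returns 0 and sets *avail, or -1 when the header would
 * not fit in the first two descriptors. */
int buf_avail_checked(const uint32_t *desc_len, size_t n, uint32_t *avail)
{
    uint32_t buf_len, buf_offset = HDR_LEN;

    if (n == 0)
        return -1;
    buf_len = desc_len[0];
    if (buf_len < HDR_LEN) {
        buf_offset = HDR_LEN - buf_len;
        if (n < 2 || desc_len[1] < buf_offset)
            return -1;                   /* reject the chain */
        buf_len = desc_len[1];
    }
    *avail = buf_len - buf_offset;
    return 0;
}

int main(void)
{
    uint32_t avail = 0;

    printf("unchecked: %u\n", (unsigned)buf_avail_unchecked(chain_bad, 4));
    printf("checked bad: rc=%d\n", buf_avail_checked(chain_bad, 4, &avail));
    printf("checked ok:  rc=%d", buf_avail_checked(chain_ok, 2, &avail));
    printf(" avail=%u\n", (unsigned)avail);
    return 0;
}
```

In the unchecked function the 32-bit subtraction 4 - 8 wraps to a value just under 4G, which is the "very large" available-length figure the description mentions; the checked function rejects that chain before the subtraction happens.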