From: Thomas Monjalon <thomas@monjalon.net>
To: announce@dpdk.org
Cc: security@dpdk.org, oss-security@lists.openwall.com
Subject: CVE-2022-2132 disclosure
Date: Mon, 29 Aug 2022 20:12:18 +0200
Message-ID: <1705193.jNaZZp9DzI@thomas>

A vulnerability was fixed in DPDK.
Some downstream stakeholders were warned in advance in order to coordinate
the release of fixes and reduce the vulnerability window.

In the copy_desc_to_mbuf() function, the Vhost header was assumed not to
span more than two descriptors. If a malicious guest sends a packet with
the Vhost header crossing more than two descriptors, buf_avail will be
a very large number near 4G. All the mbufs will be allocated, and therefore
other guests' traffic will be blocked. A malicious guest can cause denial of
service for the other guests running on the hypervisor.

CVE: CVE-2022-2132
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=1031
Severity: 8.6 (High)
CVSS scores: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Commits per branch:
main
	https://git.dpdk.org/dpdk/commit/?id=71bd0cc536
	https://git.dpdk.org/dpdk/commit/?id=dc1516e260
21.11
	https://git.dpdk.org/dpdk-stable/commit/?id=f167022606
	https://git.dpdk.org/dpdk-stable/commit/?id=e12d415556
20.11
	https://git.dpdk.org/dpdk-stable/commit/?id=8fff8520f3
	https://git.dpdk.org/dpdk-stable/commit/?id=089e01b375
19.11
	https://git.dpdk.org/dpdk-stable/commit/?id=5b3c25e6ee
	https://git.dpdk.org/dpdk-stable/commit/?id=e73049ea26

LTS Releases:
21.11 - http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
20.11 - http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz
19.11 - http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz
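
The "buf_avail near 4G" condition described in the advisory, as an added example that is not DPDK code and not part of the original message: a simplified model where each descriptor is reduced to its length, showing how the two-descriptor assumption wraps an unsigned 32-bit subtraction and how a bounded walk over the chain avoids it. The function names, the 12-byte header length and the sample chain are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Model of the two-descriptor assumption: if the header does not fit in the
 * first descriptor, the rest is assumed to fit entirely in the second. */
static uint32_t avail_two_desc(const uint32_t *len, size_t n, uint32_t hlen)
{
    if (n == 0)
        return 0;
    if (len[0] >= hlen)
        return len[0] - hlen;
    if (n < 2)
        return 0;
    uint32_t off = hlen - len[0];   /* header bytes still to skip */
    return len[1] - off;            /* wraps when len[1] < off */
}

/* Checked variant: skip the header across any number of descriptors and
 * reject a chain that ends before the header does.
 * Returns 0 and sets *idx / *avail on success, -1 on a malformed chain. */
static int avail_checked(const uint32_t *len, size_t n, uint32_t hlen,
                         size_t *idx, uint32_t *avail)
{
    uint32_t remaining = hlen;
    for (size_t i = 0; i < n; i++) {
        if (len[i] >= remaining) {
            *idx = i;                    /* descriptor where the header ends */
            *avail = len[i] - remaining; /* payload bytes left in it */
            return 0;
        }
        remaining -= len[i];             /* safe: len[i] < remaining here */
    }
    return -1;
}

int main(void)
{
    /* Constructed chain: a 12-byte header split over three descriptors. */
    const uint32_t chain[] = {4, 4, 6, 1500};
    size_t idx = 0;
    uint32_t avail = 0;

    printf("two-desc model: buf_avail = %u\n",
           (unsigned)avail_two_desc(chain, 4, 12));
    if (avail_checked(chain, 4, 12, &idx, &avail) == 0)
        printf("checked: header ends in desc %zu, avail = %u\n",
               idx, (unsigned)avail);
    return 0;
}
```

Any consumer of guest-supplied descriptor lengths should treat a wrapped or out-of-range available length as a malformed request and drop it before allocating buffers.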