From: Mauro Matteo Cascella
Date: Mon, 4 Jan 2021 14:27:59 +0100
To: Ferruh Yigit
Cc: oss-security@lists.openwall.com, security@dpdk.org, security-prerelease@dpdk.org, dev@dpdk.org, Ryan Hall
In-Reply-To: <69a35308-0697-780d-8e72-422c7a2173d8@intel.com>
Subject: Re: [dpdk-dev] [oss-security] DPDK security advisory for multiple vhost crypto issues
List-Id: DPDK patches and discussions

On Mon, Jan 4, 2021 at 12:29 PM Ferruh Yigit wrote:
>
> On 1/4/2021 8:28 AM, Mauro Matteo Cascella wrote:
> > Hello,
> >
> > Is there any particular reason for the Scope metric to be Unchanged
> > (S:U) for CVE-2020-14377 and CVE-2020-14378?
> >
>
> removed dpdk-announce mail list
>
> Hi Mauro,
>
> CVE-2020-14377: the memory over-read is within the scope of the same application,
> which is the reason for the unchanged scope. There is another CVE below that can
> use this information to figure out where to overwrite for remote execution, which
> has its scope set as 'Changed'.
>
> CVE-2020-14378 can cause a loop to take longer and delay the service, since
> it is eating the core's cycles. If there is something else using that specific
> core, technically it may delay it too, but DPDK mostly uses all cores for itself,
> and since mainly the vhost crypto service is affected, the scope was selected as Unchanged.
>
> Is there a concern on the selected scope metric?
>
> Thanks.
>

Thank you for the timely reply. With regard to CVE-2020-14377, the Scope
metric was rated differently by NIST [1], hence my initial question.

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-14377

> > On Mon, Sep 28, 2020 at 5:43 PM Ferruh Yigit wrote:
> >>
> >> A set of vulnerabilities are fixed in DPDK:
> >> - CVE-2020-14374
> >> - CVE-2020-14375
> >> - CVE-2020-14376
> >> - CVE-2020-14377
> >> - CVE-2020-14378
> >>
> >> Some downstream stakeholders were warned in advance in order to coordinate the
> >> release of fixes and reduce the vulnerability window.
> >>
> >> Problem:
> >> A malicious guest can harm the host using vhost crypto; this includes
> >> executing code in the host (VM escape), reading host application memory
> >> space from the guest, and causing partial denial of service in the host.
> >>

From the problem statement above I assume all these CVEs lead to some kind of
guest-to-host compromise, which usually implies a Scope change (or at least,
this holds true for QEMU flaws). Therefore I was wondering what's the reason
behind the different evaluation of the Scope metric between CVE-2020-14377
and the others.

Regards.

-- 
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0