From: Mauro Matteo Cascella
Date: Mon, 4 Jan 2021 09:28:09 +0100
To: oss-security@lists.openwall.com
Cc: dpdk-announce, security@dpdk.org, security-prerelease@dpdk.org, "dev@dpdk.org"
Subject: Re: [dpdk-dev] [oss-security] DPDK security advisory for multiple vhost crypto issues

Hello,

Is there any particular reason for the Scope metric to be Unchanged
(S:U) for CVE-2020-14377 and CVE-2020-14378?

Thank you,

On Mon, Sep 28, 2020 at 5:43 PM Ferruh Yigit wrote:
>
> A set of vulnerabilities are fixed in DPDK:
> - CVE-2020-14374
> - CVE-2020-14375
> - CVE-2020-14376
> - CVE-2020-14377
> - CVE-2020-14378
>
> Some downstream stakeholders were warned in advance in order to coordinate the
> release of fixes and reduce the vulnerability window.
>
> Problem:
> A malicious guest can harm the host using vhost crypto, this includes
> executing code in host (VM Escape), reading host application memory
> space to guest and causing partial denial of service in the host.
>
> All users of the vhost library are strongly encouraged to upgrade as soon as
> possible.
>
> Thanks to "Ryan Hall" for reporting the issues.
>
>
> Stable releases download links:
>
> DPDK 18.11.10 (LTS)
> http://fast.dpdk.org/rel/dpdk-18.11.10.tar.xz
>
> DPDK 19.11.5 (LTS)
> https://fast.dpdk.org/rel/dpdk-19.11.5.tar.xz
>
>
> Details:
>
> CVE: CVE-2020-14374
> Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=272
> Severity: 8.8 (High)
> CVSS scores: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
> Summary : Remote Code Execution in vhost_crypto (VM Escape)
> Reporter: Ryan Hall
>
> CVE: CVE-2020-14375
> Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=272
> Severity: 7.8 (High)
> CVSS scores: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
> Summary : Time-of-check time-of-use vulnerabilities throughout vhost_crypto.c
> Reporter: Ryan Hall
>
> CVE: CVE-2020-14376
> Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=272
> Severity: 7.8 (High)
> CVSS scores: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
> Summary : Buffer overflow copying iv_data from guest to
> host(prepare_sym_cipher_op & prepare_sym_chain_op)
> Reporter: Ryan Hall
>
> CVE: CVE-2020-14377
> Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=272
> Severity: 7.1 (High)
> CVSS scores: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
> Summary: write_back_data buffer over read (cipher->para.dst_data_len &
> desc->len)
> Reporter: Ryan Hall
>
> CVE: CVE-2020-14378
> Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=272
> Severity: 3.3 (Low)
> CVSS scores: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
> Summary : Partial Denial of Service due to Integer Underflow
> Reporter: Ryan Hall
>
>
> Commits:
> main repo (will be 20.11.0)
> https://git.dpdk.org/dpdk/commit/?id=57680e34498
> https://git.dpdk.org/dpdk/commit/?id=5677e68c05d
> https://git.dpdk.org/dpdk/commit/?id=b2866f47336
> https://git.dpdk.org/dpdk/commit/?id=409c47c7c5b
> https://git.dpdk.org/dpdk/commit/?id=e15b7c01120
> https://git.dpdk.org/dpdk/commit/?id=2d962bb7365
>
> DPDK 18.11.10 (LTS)
> https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=ab6314978567
> https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=7a5af91f8bf4
> https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=7e7c75edc635
> https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=ff65dc28bc71
> https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=75f8df70a2c8
> https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=6e8a4da39e68
>
> DPDK 19.11.5 (LTS)
> https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=3f2635c5a9c3
> https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=81e969483020
> https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=e4a7c14f0248
> https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=319b498e4b16
> https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=6a3a414698e4
> https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=e2666ec24535
>
> --
> DPDK Security Team
> http://core.dpdk.org/security/
>

--
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0