Bug 1171477 - VUL-0: TRACKERBUG: dpdk: multiple vhost related issues
VUL-0: TRACKERBUG: dpdk: multiple vhost related issues
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Jaime Caamaño Ruiz
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-05-11 15:23 UTC by Alexandros Toptsoglou
Modified: 2021-09-13 16:48 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 6 Alexandros Toptsoglou 2020-05-19 08:14:21 UTC
now public through oss 

A set of vulnerabilities fixed in DPDK:
- CVE-2020-10722
- CVE-2020-10723
- CVE-2020-10724
- CVE-2020-10725
- CVE-2020-10726

Some downstream stakeholders were warned in advance in order to coordinate the
release of fixes and reduce the vulnerability window.

Problem:
A malicious guess/container can cause resource leak resulting a
Denial-of-Service, or memory corruption and crash, or information leak in
vhost-user backend application.

All users of the vhost library are strongly encouraged to upgrade as soon as
possible.

Thanks to the reporters, all credit goes to them:
Ilja Van Sprundel <ivansprundel@ioactive.com>
Marvin Liu <yong.liu@intel.com>
Xiaolong Ye <xiaolong.ye@intel.com>


Stable Releases download links:
DPDK 20.02.1
http://fast.dpdk.org/rel/dpdk-20.02.1.tar.xz

DPDK 18.11.8 (LTS)
http://fast.dpdk.org/rel/dpdk-18.11.8.tar.xz

DPDK 19.11.2 (LTS)
http://fast.dpdk.org/rel/dpdk-19.11.2.tar.xz



Details:

CVE-2020-10722
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=267
Severity: 5.1 (Medium)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Summary: DPDK librte_vhost: Interger overflow in vhost_user_set_log_base()
Reporter: Ilja Van Sprundel <ivansprundel@ioactive.com>


CVE-2020-10723
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=268
Severity: 5.1 (Medium)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Summary: DPDK librte_vhost: Integer truncation in
         vhost_user_check_and_alloc_queue_pair()
Reporter: Ilja Van Sprundel <ivansprundel@ioactive.com>


CVE-2020-10724
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=269
Severity: 5.1 (Medium)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Summary: DPDK librte_vhost: Missing inputs validation in Vhost-crypto
Reporter: Ilja Van Sprundel <ivansprundel@ioactive.com>


CVE-2020-10725
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=270
Severity: 7.7 (High)
CVSS scores: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary: DPDK librte_vhost: Malicious guest could cause segfault by sending
         invalid Virtio descriptor
Reporter: Marvin Liu <yong.liu@intel.com>


CVE-2020-10726
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=271
Severity: 6.0 (Medium)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Summary: DPDK librte_vhost: VHOST_USER_GET_INFLIGHT_FD message flooding to
         result in a DOS
Reporter: Marvin Liu <yong.liu@intel.com> & Xiaolong Ye <xiaolong.ye@intel.com>


Commits:
main repo
https://git.dpdk.org/dpdk/commit/?id=3ae4beb079ce
https://git.dpdk.org/dpdk/commit/?id=c78d94189dce
https://git.dpdk.org/dpdk/commit/?id=acd4c92fa693
https://git.dpdk.org/dpdk/commit/?id=97ecc1c85c95
https://git.dpdk.org/dpdk/commit/?id=549de54c4f9f
https://git.dpdk.org/dpdk/commit/?id=e7debf602633

DPDK 20.02.1
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=0545a19f5b99
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=dca5d97491b4
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=64a4d90c673e
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=47791d99afe4
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=74b0c5db0f1e
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=a827e27d81cc

DPDK 18.11.8 (LTS)
https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=338f5eae5de73
https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=d87b67f57ef93
https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=5e4bc0f0e1e48

DPDK 19.11.2 (LTS)
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=2cf9c470ebff
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=8e9652b0b616
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=963b6eea05f3
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=cd0ea71bb6a7
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=95e1f29c2677
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=c9c630a117cf
Comment 8 Swamp Workflow Management 2020-05-19 16:13:25 UTC
SUSE-SU-2020:1335-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1171477
CVE References: CVE-2020-10722,CVE-2020-10723,CVE-2020-10724,CVE-2020-10725,CVE-2020-10726
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    dpdk-18.11.3-4.6.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    dpdk-18.11.3-4.6.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-05-19 16:20:27 UTC
SUSE-SU-2020:1334-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1171477
CVE References: CVE-2020-10722,CVE-2020-10723,CVE-2020-10724,CVE-2020-10725,CVE-2020-10726
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    dpdk-18.11.3-3.19.2
SUSE Linux Enterprise Server 15-LTSS (src):    dpdk-18.11.3-3.19.2, dpdk-thunderx-18.11.3-3.19.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    dpdk-18.11.3-3.19.2, dpdk-thunderx-18.11.3-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    dpdk-18.11.3-3.19.2, dpdk-thunderx-18.11.3-3.19.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Alexandros Toptsoglou 2020-05-20 16:34:56 UTC
CVE-2020-10722 --> bsc#1171930
CVE-2020-10723 --> bsc#1171925
CVE-2020-10724 --> bsc#1171926
CVE-2020-10725 --> bsc#1171927
CVE-2020-10726 --> bsc#1171929
Comment 14 Swamp Workflow Management 2020-05-22 22:24:43 UTC
openSUSE-SU-2020:0693-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1171477
CVE References: CVE-2020-10722,CVE-2020-10723,CVE-2020-10724,CVE-2020-10725,CVE-2020-10726
Sources used:
openSUSE Leap 15.1 (src):    dpdk-18.11.3-lp151.3.4.1
Comment 15 Swamp Workflow Management 2020-05-26 19:14:43 UTC
SUSE-SU-2020:1430-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1171477,1171925,1171930
CVE References: CVE-2019-14818,CVE-2020-10722,CVE-2020-10723
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    dpdk-17.11.7-5.6.2, dpdk-thunderx-17.11.7-5.6.2
SUSE Linux Enterprise Server 12-SP4 (src):    dpdk-17.11.7-5.6.2, dpdk-thunderx-17.11.7-5.6.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2020-06-08 13:27:01 UTC
SUSE-SU-2020:1552-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1171477,1171925,1171926,1171930
CVE References: CVE-2020-10722,CVE-2020-10723,CVE-2020-10724
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    dpdk-18.11.3-3.9.2, dpdk-thunderx-18.11.3-3.9.2
SUSE Linux Enterprise Server 12-SP5 (src):    dpdk-18.11.3-3.9.2, dpdk-thunderx-18.11.3-3.9.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Marcus Meissner 2020-07-25 06:30:20 UTC
lets close this tracker, upadtes were released
Comment 18 Swamp Workflow Management 2020-08-11 16:22:56 UTC
SUSE-SU-2020:2194-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1156146,1171477,1171930,1174543
CVE References: CVE-2019-14818,CVE-2020-10722
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    dpdk-16.11.9-8.15.13
SUSE OpenStack Cloud 8 (src):    dpdk-16.11.9-8.15.13
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    dpdk-16.11.9-8.15.13
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    dpdk-16.11.9-8.15.13, dpdk-thunderx-16.11.9-8.15.10
SUSE Linux Enterprise Server 12-SP3-BCL (src):    dpdk-16.11.9-8.15.13
SUSE Enterprise Storage 5 (src):    dpdk-16.11.9-8.15.13, dpdk-thunderx-16.11.9-8.15.10
HPE Helion Openstack 8 (src):    dpdk-16.11.9-8.15.13

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.