Bugzilla – Bug 1171477
VUL-0: TRACKERBUG: dpdk: multiple vhost related issues
Last modified: 2021-09-13 16:48:55 UTC
now public through oss A set of vulnerabilities fixed in DPDK: - CVE-2020-10722 - CVE-2020-10723 - CVE-2020-10724 - CVE-2020-10725 - CVE-2020-10726 Some downstream stakeholders were warned in advance in order to coordinate the release of fixes and reduce the vulnerability window. Problem: A malicious guess/container can cause resource leak resulting a Denial-of-Service, or memory corruption and crash, or information leak in vhost-user backend application. All users of the vhost library are strongly encouraged to upgrade as soon as possible. Thanks to the reporters, all credit goes to them: Ilja Van Sprundel <ivansprundel@ioactive.com> Marvin Liu <yong.liu@intel.com> Xiaolong Ye <xiaolong.ye@intel.com> Stable Releases download links: DPDK 20.02.1 http://fast.dpdk.org/rel/dpdk-20.02.1.tar.xz DPDK 18.11.8 (LTS) http://fast.dpdk.org/rel/dpdk-18.11.8.tar.xz DPDK 19.11.2 (LTS) http://fast.dpdk.org/rel/dpdk-19.11.2.tar.xz Details: CVE-2020-10722 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=267 Severity: 5.1 (Medium) CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H Summary: DPDK librte_vhost: Interger overflow in vhost_user_set_log_base() Reporter: Ilja Van Sprundel <ivansprundel@ioactive.com> CVE-2020-10723 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=268 Severity: 5.1 (Medium) CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H Summary: DPDK librte_vhost: Integer truncation in vhost_user_check_and_alloc_queue_pair() Reporter: Ilja Van Sprundel <ivansprundel@ioactive.com> CVE-2020-10724 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=269 Severity: 5.1 (Medium) CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H Summary: DPDK librte_vhost: Missing inputs validation in Vhost-crypto Reporter: Ilja Van Sprundel <ivansprundel@ioactive.com> CVE-2020-10725 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=270 Severity: 7.7 (High) CVSS scores: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Summary: DPDK librte_vhost: Malicious guest could cause segfault by sending invalid Virtio descriptor Reporter: Marvin Liu <yong.liu@intel.com> CVE-2020-10726 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=271 Severity: 6.0 (Medium) CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Summary: DPDK librte_vhost: VHOST_USER_GET_INFLIGHT_FD message flooding to result in a DOS Reporter: Marvin Liu <yong.liu@intel.com> & Xiaolong Ye <xiaolong.ye@intel.com> Commits: main repo https://git.dpdk.org/dpdk/commit/?id=3ae4beb079ce https://git.dpdk.org/dpdk/commit/?id=c78d94189dce https://git.dpdk.org/dpdk/commit/?id=acd4c92fa693 https://git.dpdk.org/dpdk/commit/?id=97ecc1c85c95 https://git.dpdk.org/dpdk/commit/?id=549de54c4f9f https://git.dpdk.org/dpdk/commit/?id=e7debf602633 DPDK 20.02.1 https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=0545a19f5b99 https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=dca5d97491b4 https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=64a4d90c673e https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=47791d99afe4 https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=74b0c5db0f1e https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=a827e27d81cc DPDK 18.11.8 (LTS) https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=338f5eae5de73 https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=d87b67f57ef93 https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=5e4bc0f0e1e48 DPDK 19.11.2 (LTS) https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=2cf9c470ebff https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=8e9652b0b616 https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=963b6eea05f3 https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=cd0ea71bb6a7 https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=95e1f29c2677 https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=c9c630a117cf
SUSE-SU-2020:1335-1: An update that fixes 5 vulnerabilities is now available. Category: security (moderate) Bug References: 1171477 CVE References: CVE-2020-10722,CVE-2020-10723,CVE-2020-10724,CVE-2020-10725,CVE-2020-10726 Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP1 (src): dpdk-18.11.3-4.6.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): dpdk-18.11.3-4.6.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:1334-1: An update that fixes 5 vulnerabilities is now available. Category: security (moderate) Bug References: 1171477 CVE References: CVE-2020-10722,CVE-2020-10723,CVE-2020-10724,CVE-2020-10725,CVE-2020-10726 Sources used: SUSE Linux Enterprise Server for SAP 15 (src): dpdk-18.11.3-3.19.2 SUSE Linux Enterprise Server 15-LTSS (src): dpdk-18.11.3-3.19.2, dpdk-thunderx-18.11.3-3.19.2 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): dpdk-18.11.3-3.19.2, dpdk-thunderx-18.11.3-3.19.2 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): dpdk-18.11.3-3.19.2, dpdk-thunderx-18.11.3-3.19.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
CVE-2020-10722 --> bsc#1171930 CVE-2020-10723 --> bsc#1171925 CVE-2020-10724 --> bsc#1171926 CVE-2020-10725 --> bsc#1171927 CVE-2020-10726 --> bsc#1171929
openSUSE-SU-2020:0693-1: An update that fixes 5 vulnerabilities is now available. Category: security (moderate) Bug References: 1171477 CVE References: CVE-2020-10722,CVE-2020-10723,CVE-2020-10724,CVE-2020-10725,CVE-2020-10726 Sources used: openSUSE Leap 15.1 (src): dpdk-18.11.3-lp151.3.4.1
SUSE-SU-2020:1430-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1171477,1171925,1171930 CVE References: CVE-2019-14818,CVE-2020-10722,CVE-2020-10723 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP4 (src): dpdk-17.11.7-5.6.2, dpdk-thunderx-17.11.7-5.6.2 SUSE Linux Enterprise Server 12-SP4 (src): dpdk-17.11.7-5.6.2, dpdk-thunderx-17.11.7-5.6.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:1552-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1171477,1171925,1171926,1171930 CVE References: CVE-2020-10722,CVE-2020-10723,CVE-2020-10724 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): dpdk-18.11.3-3.9.2, dpdk-thunderx-18.11.3-3.9.2 SUSE Linux Enterprise Server 12-SP5 (src): dpdk-18.11.3-3.9.2, dpdk-thunderx-18.11.3-3.9.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
lets close this tracker, upadtes were released
SUSE-SU-2020:2194-1: An update that solves two vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1156146,1171477,1171930,1174543 CVE References: CVE-2019-14818,CVE-2020-10722 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 8 (src): dpdk-16.11.9-8.15.13 SUSE OpenStack Cloud 8 (src): dpdk-16.11.9-8.15.13 SUSE Linux Enterprise Server for SAP 12-SP3 (src): dpdk-16.11.9-8.15.13 SUSE Linux Enterprise Server 12-SP3-LTSS (src): dpdk-16.11.9-8.15.13, dpdk-thunderx-16.11.9-8.15.10 SUSE Linux Enterprise Server 12-SP3-BCL (src): dpdk-16.11.9-8.15.13 SUSE Enterprise Storage 5 (src): dpdk-16.11.9-8.15.13, dpdk-thunderx-16.11.9-8.15.10 HPE Helion Openstack 8 (src): dpdk-16.11.9-8.15.13 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.