Bug 1202956 - (CVE-2022-28199) VUL-0: CVE-2022-28199: dpdk: buffer overflow in the vhost code
(CVE-2022-28199)
VUL-0: CVE-2022-28199: dpdk: buffer overflow in the vhost code
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/341170/
CVSSv3.1:SUSE:CVE-2022-28199:7.3:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-08-31 05:34 UTC by Alexander Bergmann
Modified: 2022-12-02 16:38 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2022-08-31 05:34:21 UTC
CVE-2022-28199

A buffer overflow was discovered in the vhost code of DPDK,
a set of libraries for fast packet processing, which could result
in denial of service or the execution of arbitrary code by malicious
guests/containers.
For the stable distribution (bullseye), these problems have been fixed in
version 20.11.6-1~deb11u1.
We recommend that you upgrade your dpdk packages.
For the detailed security status of dpdk please refer to
its security tracker page at:
\
https://security-tracker.debian.org/tracker/dpdk

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28199
https://security-tracker.debian.org/tracker/DSA-5222-1
Comment 1 Alexander Bergmann 2022-08-31 06:17:50 UTC
The error handling was introduced in version v19.08. 

commit 88c0733535d6a7ce79045d4d57a1d78d904067c8

Therefore the affected code can only be patched >= SLE-15-SP2.

SLE-15-SP4  dpdk-19.11.10
SLE-15-SP3  dpdk-19.11.4
SLE-15-SP2  dpdk-19.11.4
SLE-15-SP1  dpdk-18.11.9
SLE-15      dpdk-18.11.9
SLE-12-SP5  dpdk-18.11.9
SLE-12-SP4  dpdk-17.11.7
SLE-12-SP3  dpdk-16.11.9
SLE-12-SP2  dpdk-2.2.0

Master:
https://git.dpdk.org/dpdk/commit/?id=60b254e3923d007bcadbb8d410f95ad89a2f13fa 
v21.11.2:
https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd32374b0c3cbc260f3e3872408d749cb45
v20.11.6:
https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d21b4f68c8ccfc46a00cda7c2a0bf4cc
v19.11.13:
https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664e9d014cd8fa0fde90597aaf4349e7e

References:
https://www.openwall.com/lists/oss-security/2022/08/29/3
Comment 2 Petr Gajdos 2022-09-12 15:26:05 UTC
Fixes: 88c0733 ("net/mlx5: extend Rx completion with error handling")
https://git.dpdk.org/dpdk-stable/commit/?id=88c0733

Considering affected: 15sp4,15sp3,15sp2/dpdk.
Comment 3 Petr Gajdos 2022-09-12 15:28:42 UTC
Submitted for: 15sp4,15sp2/dpdk.

I get a build failure for 15sp3 which I do not know how to fix sofar:

[  416s] make[8]: *** [/usr/src/linux-5.3.18-150300.59.90/scripts/Makefile.modpost:101: __modpost] Error 2
[  416s] make[7]: *** [/usr/src/linux-5.3.18-150300.59.90/Makefile:1684: modules] Error 2
[  416s] make[6]: *** [../../../linux-5.3.18-150300.59.90/Makefile:179: sub-make] Error 2
[  416s] make[5]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.module.mk:51: igb_uio.ko] Error 2
[  416s] make[4]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.subdir.mk:37: igb_uio] Error 2
[  416s] make[3]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.subdir.mk:37: linux] Error 2
[  416s] make[2]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.sdkbuild.mk:48: kernel] Error 2
[  416s] make[1]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.sdkroot.mk:99: all] Error 2
[  416s] make: *** [Makefile:12: all] Error 2
[  416s] error: Bad exit status from /var/tmp/rpm-tmp.xTyYig (%build)


This is with or without this patch.
Comment 5 Petr Gajdos 2022-09-13 06:48:05 UTC
(In reply to Petr Gajdos from comment #3)
> Submitted for: 15sp4,15sp2/dpdk.
> 
> I get a build failure for 15sp3 which I do not know how to fix sofar:

[  416s] make[9]: *** No rule to make target 'vmlinux', needed by '/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/x86_64-native-linuxapp-gcc-default/build/kernel/linux/igb_uio/igb_uio.ko'.  Stop.

> [  416s] make[8]: ***
> [/usr/src/linux-5.3.18-150300.59.90/scripts/Makefile.modpost:101: __modpost]
> Error 2
> [  416s] make[7]: *** [/usr/src/linux-5.3.18-150300.59.90/Makefile:1684:
> modules] Error 2
> [  416s] make[6]: *** [../../../linux-5.3.18-150300.59.90/Makefile:179:
> sub-make] Error 2
> [  416s] make[5]: ***
> [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.module.mk:51:
> igb_uio.ko] Error 2
> [  416s] make[4]: ***
> [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.subdir.mk:37:
> igb_uio] Error 2
> [  416s] make[3]: ***
> [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.subdir.mk:37: linux]
> Error 2
> [  416s] make[2]: ***
> [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.sdkbuild.mk:48:
> kernel] Error 2
> [  416s] make[1]: ***
> [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.sdkroot.mk:99: all]
> Error 2
> [  416s] make: *** [Makefile:12: all] Error 2
> [  416s] error: Bad exit status from /var/tmp/rpm-tmp.xTyYig (%build)
> 
> 
> This is with or without this patch.
Comment 6 Petr Gajdos 2022-09-13 13:16:52 UTC
(In reply to Petr Gajdos from comment #3)
> I get a build failure for 15sp3 which I do not know how to fix sofar:

see bug 1203365
Comment 7 Petr Gajdos 2022-09-15 15:28:31 UTC
Submitted also for 15sp3/dpdk.

I believe all fixed.
Comment 9 Swamp Workflow Management 2022-09-23 10:19:55 UTC
SUSE-SU-2022:3341-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1202903,1202956
CVE References: CVE-2022-2132,CVE-2022-28199
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    dpdk-19.11.10-150400.4.7.1, dpdk-thunderx-19.11.10-150400.4.7.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    dpdk-19.11.10-150400.4.7.1, dpdk-thunderx-19.11.10-150400.4.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-09-26 16:21:53 UTC
SUSE-SU-2022:3390-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1202903,1202956
CVE References: CVE-2022-2132,CVE-2022-28199
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    dpdk-19.11.4-150300.16.1, dpdk-thunderx-19.11.4-150300.16.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    dpdk-19.11.4-150300.16.1, dpdk-thunderx-19.11.4-150300.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-09-27 16:27:12 UTC
SUSE-SU-2022:3429-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1202903,1202956
CVE References: CVE-2022-2132,CVE-2022-28199
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    dpdk-19.11.4-150200.3.20.1
SUSE Manager Retail Branch Server 4.1 (src):    dpdk-19.11.4-150200.3.20.1
SUSE Manager Proxy 4.1 (src):    dpdk-19.11.4-150200.3.20.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    dpdk-19.11.4-150200.3.20.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    dpdk-19.11.4-150200.3.20.1, dpdk-thunderx-19.11.4-150200.3.20.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    dpdk-19.11.4-150200.3.20.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    dpdk-19.11.4-150200.3.20.1, dpdk-thunderx-19.11.4-150200.3.20.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    dpdk-19.11.4-150200.3.20.1, dpdk-thunderx-19.11.4-150200.3.20.1
SUSE Enterprise Storage 7 (src):    dpdk-19.11.4-150200.3.20.1, dpdk-thunderx-19.11.4-150200.3.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.