Bugzilla – Bug 1202956
VUL-0: CVE-2022-28199: dpdk: buffer overflow in the vhost code
Last modified: 2024-04-19 14:00:37 UTC
CVE-2022-28199
A buffer overflow was discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code by malicious guests/containers.
For the stable distribution (bullseye), these problems have been fixed in version 20.11.6-1~deb11u1.
We recommend that you upgrade your dpdk packages.
For the detailed security status of dpdk please refer to its security tracker page at:
  https://security-tracker.debian.org/tracker/dpdk
References:
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28199
  https://security-tracker.debian.org/tracker/DSA-5222-1
The error handling was introduced in version v19.08.
commit 88c0733535d6a7ce79045d4d57a1d78d904067c8
Therefore the affected code can only be patched >= SLE-15-SP2.
  SLE-15-SP4  dpdk-19.11.10
  SLE-15-SP3  dpdk-19.11.4
  SLE-15-SP2  dpdk-19.11.4
  SLE-15-SP1  dpdk-18.11.9
  SLE-15      dpdk-18.11.9
  SLE-12-SP5  dpdk-18.11.9
  SLE-12-SP4  dpdk-17.11.7
  SLE-12-SP3  dpdk-16.11.9
  SLE-12-SP2  dpdk-2.2.0
Master:
  https://git.dpdk.org/dpdk/commit/?id=60b254e3923d007bcadbb8d410f95ad89a2f13fa
v21.11.2:
  https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd32374b0c3cbc260f3e3872408d749cb45
v20.11.6:
  https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d21b4f68c8ccfc46a00cda7c2a0bf4cc
v19.11.13:
  https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664e9d014cd8fa0fde90597aaf4349e7e
References:
  https://www.openwall.com/lists/oss-security/2022/08/29/3
Fixes: 88c0733 ("net/mlx5: extend Rx completion with error handling")
  https://git.dpdk.org/dpdk-stable/commit/?id=88c0733
Considering affected: 15sp4,15sp3,15sp2/dpdk.
Submitted for: 15sp4,15sp2/dpdk.
I get a build failure for 15sp3 which I do not know how to fix so far:
  [ 416s] make[8]: *** [/usr/src/linux-5.3.18-150300.59.90/scripts/Makefile.modpost:101: __modpost] Error 2
  [ 416s] make[7]: *** [/usr/src/linux-5.3.18-150300.59.90/Makefile:1684: modules] Error 2
  [ 416s] make[6]: *** [../../../linux-5.3.18-150300.59.90/Makefile:179: sub-make] Error 2
  [ 416s] make[5]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.module.mk:51: igb_uio.ko] Error 2
  [ 416s] make[4]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.subdir.mk:37: igb_uio] Error 2
  [ 416s] make[3]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.subdir.mk:37: linux] Error 2
  [ 416s] make[2]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.sdkbuild.mk:48: kernel] Error 2
  [ 416s] make[1]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.sdkroot.mk:99: all] Error 2
  [ 416s] make: *** [Makefile:12: all] Error 2
  [ 416s] error: Bad exit status from /var/tmp/rpm-tmp.xTyYig (%build)
This is with or without this patch.
(In reply to Petr Gajdos from comment #3)
> Submitted for: 15sp4,15sp2/dpdk.
>
> I get a build failure for 15sp3 which I do not know how to fix so far:
[ 416s] make[9]: *** No rule to make target 'vmlinux', needed by '/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/x86_64-native-linuxapp-gcc-default/build/kernel/linux/igb_uio/igb_uio.ko'. Stop.
> [ 416s] make[8]: *** [/usr/src/linux-5.3.18-150300.59.90/scripts/Makefile.modpost:101: __modpost] Error 2
> [ 416s] make[7]: *** [/usr/src/linux-5.3.18-150300.59.90/Makefile:1684: modules] Error 2
> [ 416s] make[6]: *** [../../../linux-5.3.18-150300.59.90/Makefile:179: sub-make] Error 2
> [ 416s] make[5]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.module.mk:51: igb_uio.ko] Error 2
> [ 416s] make[4]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.subdir.mk:37: igb_uio] Error 2
> [ 416s] make[3]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.subdir.mk:37: linux] Error 2
> [ 416s] make[2]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.sdkbuild.mk:48: kernel] Error 2
> [ 416s] make[1]: *** [/home/abuild/rpmbuild/BUILD/dpdk-stable-19.11.4/mk/rte.sdkroot.mk:99: all] Error 2
> [ 416s] make: *** [Makefile:12: all] Error 2
> [ 416s] error: Bad exit status from /var/tmp/rpm-tmp.xTyYig (%build)
>
>
> This is with or without this patch.
(In reply to Petr Gajdos from comment #3)
> I get a build failure for 15sp3 which I do not know how to fix so far:
see bug 1203365
Submitted also for 15sp3/dpdk. I believe all fixed.
SUSE-SU-2022:3341-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1202903,1202956
CVE References: CVE-2022-2132,CVE-2022-28199
JIRA References:
Sources used:
  openSUSE Leap 15.4 (src): dpdk-19.11.10-150400.4.7.1, dpdk-thunderx-19.11.10-150400.4.7.1
  SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): dpdk-19.11.10-150400.4.7.1, dpdk-thunderx-19.11.10-150400.4.7.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3390-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1202903,1202956
CVE References: CVE-2022-2132,CVE-2022-28199
JIRA References:
Sources used:
  openSUSE Leap 15.3 (src): dpdk-19.11.4-150300.16.1, dpdk-thunderx-19.11.4-150300.16.1
  SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): dpdk-19.11.4-150300.16.1, dpdk-thunderx-19.11.4-150300.16.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3429-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1202903,1202956
CVE References: CVE-2022-2132,CVE-2022-28199
JIRA References:
Sources used:
  SUSE Manager Server 4.1 (src): dpdk-19.11.4-150200.3.20.1
  SUSE Manager Retail Branch Server 4.1 (src): dpdk-19.11.4-150200.3.20.1
  SUSE Manager Proxy 4.1 (src): dpdk-19.11.4-150200.3.20.1
  SUSE Linux Enterprise Server for SAP 15-SP2 (src): dpdk-19.11.4-150200.3.20.1
  SUSE Linux Enterprise Server 15-SP2-LTSS (src): dpdk-19.11.4-150200.3.20.1, dpdk-thunderx-19.11.4-150200.3.20.1
  SUSE Linux Enterprise Server 15-SP2-BCL (src): dpdk-19.11.4-150200.3.20.1
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): dpdk-19.11.4-150200.3.20.1, dpdk-thunderx-19.11.4-150200.3.20.1
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): dpdk-19.11.4-150200.3.20.1, dpdk-thunderx-19.11.4-150200.3.20.1
  SUSE Enterprise Storage 7 (src): dpdk-19.11.4-150200.3.20.1, dpdk-thunderx-19.11.4-150200.3.20.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done