dpdk-21.11.2-1.el9

エラータID: AXSA:2023-5000:03

Release date: 
Wednesday, February 8, 2023 - 01:46
Subject: 
dpdk-21.11.2-1.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space.

Security Fix(es):

* dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs (CVE-2022-2132)
* DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)
* dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service (CVE-2022-28199)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.1 Release Notes linked from the References section.

CVE-2021-3839
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
CVE-2022-2132
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
CVE-2022-28199
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

Solution: 

Update packages.

CVEs: 
CVE-2021-3839
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
CVE-2022-2132
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
CVE-2022-28199
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.
Additional Info: 

N/A

Download: 

SRPMS
  1. dpdk-21.11.2-1.el9.src.rpm
    MD5: 971a05e00ef59ca0ec8cdf6fce24977d
    SHA-256: 0007caf3378287e0d492820c0183cb0d8d83ee37199cd2147b6e7166f518d1e1
    Size: 17.27 MB

Asianux Server 9 for x86_64
  1. dpdk-21.11.2-1.el9.x86_64.rpm
    MD5: 5165baca52633acf00be345885562f1c
    SHA-256: 132dc0370a575a1668d65abbfd52ad6b01434ef40e4b629c0fb5cb7e7a77bb57
    Size: 3.41 MB
  2. dpdk-devel-21.11.2-1.el9.x86_64.rpm
    MD5: 2969932b62dfdfddd9770bc9b0e82c83
    SHA-256: 8dc81545b28504962b64350c745f90d02ca5ea32d48795d0fe199a3d630e58b6
    Size: 951.07 kB
  3. dpdk-doc-21.11.2-1.el9.noarch.rpm
    MD5: c53efac2e1db279c5bf65377e674d6cb
    SHA-256: 3d9a7124620512a21452d7b44360e6000ad69c0f175b24c04c87007aa683ee7d
    Size: 11.08 MB
  4. dpdk-tools-21.11.2-1.el9.x86_64.rpm
    MD5: de1b950deb87108049ce3c7faa219de1
    SHA-256: 87eeb60cec061ea73a17b70a262975e9d46b6174b30f9312ee204f2bfe877752
    Size: 23.37 kB