|
Message-ID: <aeb18210-13f9-7aae-bf42-9cd5f7d03ffb@intel.com>
Date: Mon, 18 May 2020 15:49:58 +0100
From: Ferruh Yigit <ferruh.yigit@...el.com>
To: dpdk-announce <announce@...k.org>
Cc: security@...k.org, security-prerelease@...k.org,
oss-security@...ts.openwall.com, dpdk-dev <dev@...k.org>
Subject: DPDK security advisory for multiple vhost related issues
A set of vulnerabilities fixed in DPDK:
- CVE-2020-10722
- CVE-2020-10723
- CVE-2020-10724
- CVE-2020-10725
- CVE-2020-10726
Some downstream stakeholders were warned in advance in order to coordinate the
release of fixes and reduce the vulnerability window.
Problem:
A malicious guess/container can cause resource leak resulting a
Denial-of-Service, or memory corruption and crash, or information leak in
vhost-user backend application.
All users of the vhost library are strongly encouraged to upgrade as soon as
possible.
Thanks to the reporters, all credit goes to them:
Ilja Van Sprundel <ivansprundel@...ctive.com>
Marvin Liu <yong.liu@...el.com>
Xiaolong Ye <xiaolong.ye@...el.com>
Stable Releases download links:
DPDK 20.02.1
http://fast.dpdk.org/rel/dpdk-20.02.1.tar.xz
DPDK 18.11.8 (LTS)
http://fast.dpdk.org/rel/dpdk-18.11.8.tar.xz
DPDK 19.11.2 (LTS)
http://fast.dpdk.org/rel/dpdk-19.11.2.tar.xz
Details:
CVE-2020-10722
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=267
Severity: 5.1 (Medium)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Summary: DPDK librte_vhost: Interger overflow in vhost_user_set_log_base()
Reporter: Ilja Van Sprundel <ivansprundel@...ctive.com>
CVE-2020-10723
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=268
Severity: 5.1 (Medium)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Summary: DPDK librte_vhost: Integer truncation in
vhost_user_check_and_alloc_queue_pair()
Reporter: Ilja Van Sprundel <ivansprundel@...ctive.com>
CVE-2020-10724
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=269
Severity: 5.1 (Medium)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Summary: DPDK librte_vhost: Missing inputs validation in Vhost-crypto
Reporter: Ilja Van Sprundel <ivansprundel@...ctive.com>
CVE-2020-10725
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=270
Severity: 7.7 (High)
CVSS scores: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary: DPDK librte_vhost: Malicious guest could cause segfault by sending
invalid Virtio descriptor
Reporter: Marvin Liu <yong.liu@...el.com>
CVE-2020-10726
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=271
Severity: 6.0 (Medium)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Summary: DPDK librte_vhost: VHOST_USER_GET_INFLIGHT_FD message flooding to
result in a DOS
Reporter: Marvin Liu <yong.liu@...el.com> & Xiaolong Ye <xiaolong.ye@...el.com>
Commits:
main repo
https://git.dpdk.org/dpdk/commit/?id=3ae4beb079ce
https://git.dpdk.org/dpdk/commit/?id=c78d94189dce
https://git.dpdk.org/dpdk/commit/?id=acd4c92fa693
https://git.dpdk.org/dpdk/commit/?id=97ecc1c85c95
https://git.dpdk.org/dpdk/commit/?id=549de54c4f9f
https://git.dpdk.org/dpdk/commit/?id=e7debf602633
DPDK 20.02.1
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=0545a19f5b99
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=dca5d97491b4
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=64a4d90c673e
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=47791d99afe4
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=74b0c5db0f1e
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=a827e27d81cc
DPDK 18.11.8 (LTS)
https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=338f5eae5de73
https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=d87b67f57ef93
https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=5e4bc0f0e1e48
DPDK 19.11.2 (LTS)
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=2cf9c470ebff
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=8e9652b0b616
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=963b6eea05f3
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=cd0ea71bb6a7
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=95e1f29c2677
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=c9c630a117cf
--
DPDK Security Team
http://core.dpdk.org/security/
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.