Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <16136472.hlxOUv9cDv@thomas>
Date: Mon, 29 Aug 2022 19:55:17 +0200
From: Thomas Monjalon <thomas@...jalon.net>
To: announce@...k.org
Cc: oss-security@...ts.openwall.com
Subject: CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability

A vulnerability was fixed in DPDK.
Some downstream stakeholders were warned in advance
in order to coordinate the release of fixes
and reduce the vulnerability window.

When having a failure with the mlx5 driver,
the error recovery was not handled properly,
which can allow a remote attacker to cause denial of service
and some impact to data integrity and confidentiality.

CVE: CVE-2022-28199
Severity: 6.5
CVSS scores: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Commits per branch:
	main  - https://git.dpdk.org/dpdk/commit/?id=60b254e392
	21.11 - https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd323
	20.11 - https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d2
	19.11 - https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664

LTS Releases:
	21.11 - http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
	20.11 - http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz
	19.11 - http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.