Описание
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
Отчет
Affected versions are only vulnerable if the Vhost-based application registers devices with the RTE_VHOST_USER_NET_COMPLIANT_OL_FLAGS flag. OVS-DPDK uses the DPDK Vhost library but does not pass this flag, so it is affected but not vulnerable.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Fast Datapath for RHEL 7 | dpdk | Not affected | ||
| Fast Datapath for RHEL 7 | openvswitch | Not affected | ||
| Fast Datapath for RHEL 7 | openvswitch2.10 | Not affected | ||
| Fast Datapath for RHEL 7 | openvswitch2.11 | Not affected | ||
| Fast Datapath for RHEL 7 | openvswitch2.12 | Not affected | ||
| Fast Datapath for RHEL 8 | openvswitch2.11 | Not affected | ||
| Fast Datapath for RHEL 8 | openvswitch2.12 | Not affected | ||
| Fast Datapath for RHEL 8 | openvswitch2.13 | Not affected | ||
| Fast Datapath for RHEL 8 | openvswitch2.15 | Not affected | ||
| Fast Datapath for RHEL 8 | openvswitch2.16 | Not affected |
Показывать по
Дополнительная информация
Статус:
7.4 High
CVSS3
Связанные уязвимости
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
An out-of-bounds read vulnerability was found in DPDK's Vhost library ...
7.4 High
CVSS3