Description
Important: dpdk security and bug fix update
The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in user space.
Security Fix(es):
- dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs (CVE-2022-2132)
- DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)
- dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service (CVE-2022-28199)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
Affected products
Rocky Linux 9
Related CVEs
Fixes
- Red Hat - 2025882
- Red Hat - 2070583
- Red Hat - 2099475
- Red Hat - 2123549
- Red Hat - 2126159
Related vulnerabilities
ELSA-2022-8263: dpdk security and bug fix update (IMPORTANT)
A flaw was found in the vhost library in DPDK. The function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing an out-of-bounds memory read/write. Any software using the DPDK vhost library may crash as a result of this vulnerability.