SUSE-SU-2020:1334-1

Published: May 19, 2020
Source: suse-cvrf

Description

Security update for dpdk

This update for dpdk fixes the following issues:

Security issues fixed:

  • CVE-2020-10722: Fixed an integer overflow in vhost_user_set_log_base() (bsc#1171477).
  • CVE-2020-10723: Fixed an integer truncation in vhost_user_check_and_alloc_queue_pair() (bsc#1171477).
  • CVE-2020-10724: Fixed missing input validation in Vhost-crypto (bsc#1171477).
  • CVE-2020-10725: Fixed a segfault caused by invalid virtio descriptors sent from a malicious guest (bsc#1171477).
  • CVE-2020-10726: Fixed a denial-of-service caused by VHOST_USER_GET_INFLIGHT_FD message flooding (bsc#1171477).

Package list

SUSE Linux Enterprise High Performance Computing 15-ESPOS
  • dpdk-18.11.3-3.19.2
  • dpdk-devel-18.11.3-3.19.2
  • dpdk-kmp-default-18.11.3_k4.12.14_150.47-3.19.2
  • dpdk-thunderx-18.11.3-3.19.2
  • dpdk-thunderx-devel-18.11.3-3.19.2
  • dpdk-thunderx-kmp-default-18.11.3_k4.12.14_150.47-3.19.2
  • dpdk-tools-18.11.3-3.19.2
  • libdpdk-18_11-18.11.3-3.19.2

SUSE Linux Enterprise High Performance Computing 15-LTSS
  • dpdk-18.11.3-3.19.2
  • dpdk-devel-18.11.3-3.19.2
  • dpdk-kmp-default-18.11.3_k4.12.14_150.47-3.19.2
  • dpdk-thunderx-18.11.3-3.19.2
  • dpdk-thunderx-devel-18.11.3-3.19.2
  • dpdk-thunderx-kmp-default-18.11.3_k4.12.14_150.47-3.19.2
  • dpdk-tools-18.11.3-3.19.2
  • libdpdk-18_11-18.11.3-3.19.2

SUSE Linux Enterprise Server 15-LTSS
  • dpdk-18.11.3-3.19.2
  • dpdk-devel-18.11.3-3.19.2
  • dpdk-kmp-default-18.11.3_k4.12.14_150.47-3.19.2
  • dpdk-thunderx-18.11.3-3.19.2
  • dpdk-thunderx-devel-18.11.3-3.19.2
  • dpdk-thunderx-kmp-default-18.11.3_k4.12.14_150.47-3.19.2
  • dpdk-tools-18.11.3-3.19.2
  • libdpdk-18_11-18.11.3-3.19.2

SUSE Linux Enterprise Server for SAP Applications 15
  • dpdk-18.11.3-3.19.2
  • dpdk-devel-18.11.3-3.19.2
  • dpdk-kmp-default-18.11.3_k4.12.14_150.47-3.19.2
  • dpdk-tools-18.11.3-3.19.2
  • libdpdk-18_11-18.11.3-3.19.2

Description

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.


Affected products
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-18.11.3-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-devel-18.11.3-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-kmp-default-18.11.3_k4.12.14_150.47-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-thunderx-18.11.3-3.19.2

Description

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out-of-bounds indexing and possible memory corruption.


Affected products
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-18.11.3-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-devel-18.11.3-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-kmp-default-18.11.3_k4.12.14_150.47-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-thunderx-18.11.3-3.19.2

Description

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.


Affected products
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-18.11.3-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-devel-18.11.3-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-kmp-default-18.11.3_k4.12.14_150.47-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-thunderx-18.11.3-3.19.2

Description

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.


Affected products
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-18.11.3-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-devel-18.11.3-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-kmp-default-18.11.3_k4.12.14_150.47-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-thunderx-18.11.3-3.19.2

Description

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.


Affected products
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-18.11.3-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-devel-18.11.3-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-kmp-default-18.11.3_k4.12.14_150.47-3.19.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpdk-thunderx-18.11.3-3.19.2
