Описание
Security update for dpdk
This update for dpdk fixes the following issues:
- CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs (bsc#1202903).
- CVE-2022-28199: Fixed buffer overflow in the vhost code (bsc#1202956).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP4
dpdk-19.11.10-150400.4.7.1
dpdk-devel-19.11.10-150400.4.7.1
dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
dpdk-thunderx-19.11.10-150400.4.7.1
dpdk-thunderx-devel-19.11.10-150400.4.7.1
dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
dpdk-tools-19.11.10-150400.4.7.1
libdpdk-20_0-19.11.10-150400.4.7.1
openSUSE Leap 15.4
dpdk-19.11.10-150400.4.7.1
dpdk-devel-19.11.10-150400.4.7.1
dpdk-doc-19.11.10-150400.4.7.1
dpdk-examples-19.11.10-150400.4.7.1
dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
dpdk-thunderx-19.11.10-150400.4.7.1
dpdk-thunderx-devel-19.11.10-150400.4.7.1
dpdk-thunderx-doc-19.11.10-150400.4.7.1
dpdk-thunderx-examples-19.11.10-150400.4.7.1
dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
dpdk-thunderx-tools-19.11.10-150400.4.7.1
dpdk-tools-19.11.10-150400.4.7.1
libdpdk-20_0-19.11.10-150400.4.7.1
Ссылки
- Link for SUSE-SU-2022:3341-1
- E-Mail link for SUSE-SU-2022:3341-1
- SUSE Security Ratings
- SUSE Bug 1202903
- SUSE Bug 1202956
- SUSE CVE CVE-2022-2132 page
- SUSE CVE CVE-2022-28199 page
Описание
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-19.11.10-150400.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-devel-19.11.10-150400.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-thunderx-19.11.10-150400.4.7.1
Ссылки
- CVE-2022-2132
- SUSE Bug 1202903
Описание
NVIDIA's distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-19.11.10-150400.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-devel-19.11.10-150400.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-thunderx-19.11.10-150400.4.7.1
Ссылки
- CVE-2022-28199
- SUSE Bug 1202956