Описание
Security update for dpdk
This update for dpdk fixes the following issues:
- CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs (bsc#1202903).
- CVE-2022-28199: Fixed buffer overflow in the vhost code (bsc#1202956).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP3
dpdk-19.11.4-150300.16.1
dpdk-devel-19.11.4-150300.16.1
dpdk-kmp-default-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-thunderx-19.11.4-150300.16.1
dpdk-thunderx-devel-19.11.4-150300.16.1
dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-tools-19.11.4-150300.16.1
libdpdk-20_0-19.11.4-150300.16.1
openSUSE Leap 15.3
dpdk-19.11.4-150300.16.1
dpdk-devel-19.11.4-150300.16.1
dpdk-doc-19.11.4-150300.16.1
dpdk-examples-19.11.4-150300.16.1
dpdk-kmp-default-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-kmp-preempt-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-thunderx-19.11.4-150300.16.1
dpdk-thunderx-devel-19.11.4-150300.16.1
dpdk-thunderx-doc-19.11.4-150300.16.1
dpdk-thunderx-examples-19.11.4-150300.16.1
dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-thunderx-kmp-preempt-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-thunderx-tools-19.11.4-150300.16.1
dpdk-tools-19.11.4-150300.16.1
libdpdk-20_0-19.11.4-150300.16.1
Ссылки
- Link for SUSE-SU-2022:3390-1
- E-Mail link for SUSE-SU-2022:3390-1
- SUSE Security Ratings
- SUSE Bug 1202903
- SUSE Bug 1202956
- SUSE CVE CVE-2022-2132 page
- SUSE CVE CVE-2022-28199 page
Описание
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP3:dpdk-19.11.4-150300.16.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:dpdk-devel-19.11.4-150300.16.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:dpdk-kmp-default-19.11.4_k5.3.18_150300.59.93-150300.16.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:dpdk-thunderx-19.11.4-150300.16.1
Ссылки
- CVE-2022-2132
- SUSE Bug 1202903
Описание
NVIDIA's distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP3:dpdk-19.11.4-150300.16.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:dpdk-devel-19.11.4-150300.16.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:dpdk-kmp-default-19.11.4_k5.3.18_150300.59.93-150300.16.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:dpdk-thunderx-19.11.4-150300.16.1
Ссылки
- CVE-2022-28199
- SUSE Bug 1202956