var-202204-2114
Vulnerability from variot
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. DPDK (Data Plane Development Kit) and products from other vendors contain unspecified vulnerabilities. Service operation may be interrupted (DoS).
The oldstable distribution (buster) is not affected.
For the stable distribution (bullseye), these problems have been fixed in version 20.11.5-1~deb11u1.
We recommend that you upgrade your dpdk packages.
For the detailed security status of dpdk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dpdk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Ubuntu Security Notice USN-5401-1 May 04, 2022
dpdk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in DPDK.
Software Description:
- dpdk: set of libraries for fast packet processing
Details:
Wenxiang Qian discovered that DPDK incorrectly checked certain payloads. An attacker could use this issue to cause DPDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3839)
It was discovered that DPDK incorrectly handled inflight type messages. An attacker could possibly use this issue to cause DPDK to consume resources, leading to a denial of service. (CVE-2022-0669)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: dpdk 21.11.1-0ubuntu0.3
Ubuntu 21.10: dpdk 20.11.5-0ubuntu1
Ubuntu 20.04 LTS: dpdk 19.11.12-0ubuntu0.20.04.1
In general, a standard system update will make all the necessary changes.
Red Hat Security Advisory
Synopsis: Moderate: openvswitch2.15 security update
Advisory ID: RHSA-2022:4787-01
Product: Fast Datapath
Advisory URL: https://access.redhat.com/errata/RHSA-2022:4787
Issue date: 2022-05-27
CVE Names: CVE-2021-3839 CVE-2022-0669
- Summary:
An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
- openvswitch2.15: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)
- openvswitch2.15: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Users of openvswitch2.15 are advised to upgrade to these updated packages, which fix these bugs.
- Bugs fixed (https://bugzilla.redhat.com/):
2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS
2070343 - Failed to read database with dns hostname address
2080271 - [22.D RHEL-8] Fast Datapath Release
- Package List:
Fast Datapath for Red Hat Enterprise Linux 8:
Source:
openvswitch2.15-2.15.0-99.el8fdp.src.rpm
aarch64:
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-debugsource-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-devel-2.15.0-99.el8fdp.aarch64.rpm
openvswitch2.15-ipsec-2.15.0-99.el8fdp.aarch64.rpm
python3-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm
noarch:
openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm
ppc64le:
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-debugsource-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-devel-2.15.0-99.el8fdp.ppc64le.rpm
openvswitch2.15-ipsec-2.15.0-99.el8fdp.ppc64le.rpm
python3-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm
s390x:
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-debugsource-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-devel-2.15.0-99.el8fdp.s390x.rpm
openvswitch2.15-ipsec-2.15.0-99.el8fdp.s390x.rpm
python3-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm
x86_64:
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-debugsource-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-devel-2.15.0-99.el8fdp.x86_64.rpm
openvswitch2.15-ipsec-2.15.0-99.el8fdp.x86_64.rpm
python3-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3839
https://access.redhat.com/security/cve/CVE-2022-0669
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce