ALT Linux Team

Package dpdk update in sisyphus on 2020-09-25

ALT-PU-2020-2878-1

Package dpdk updated to version 19.11.3-alt1 for branch sisyphus in task 256222.

Closed vulnerabilities

Published: 2020-05-19

BDU:2020-03905

Уязвимость набора библиотек и драйверов для быстрой обработки пакетов dpdk, связанная с целочисленным переполнением значения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: MEDIUM (6.7) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2020-05-19

BDU:2020-03944

Уязвимость функции vhost_user_set_log_base набора библиотек и драйверов для быстрой обработки пакетов dpdk, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: MEDIUM (6.7) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2020-05-19

BDU:2020-03962

Уязвимость модуля vhost-crypto набора библиотек и драйверов для быстрой обработки пакетов dpdk, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: MEDIUM (4.4) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N
References:
Published: 2020-05-20

BDU:2021-00722

Уязвимость модуля vhost-user набора библиотек и драйверов для быстрой обработки пакетов dpdk, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.0) Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
References:
Published: 2020-05-20

BDU:2021-00723

Уязвимость функции virtio_dev_rx_batch_packed набора библиотек и драйверов для быстрой обработки пакетов dpdk, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.7) Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Severity: MEDIUM (6.8) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
References:
Published: 2020-05-19
Modified: 2024-11-21

CVE-2020-10722

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Severity: MEDIUM (6.7) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-05-19
Modified: 2024-11-21

CVE-2020-10723

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Severity: MEDIUM (6.7) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-05-19
Modified: 2024-11-21

CVE-2020-10724

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2020-05-20
Modified: 2024-11-21

CVE-2020-10725

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Severity: HIGH (7.7) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References:
Published: 2020-05-20
Modified: 2024-11-21

CVE-2020-10726

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-08-31
Modified: 2024-11-21

CVE-2022-2132

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

Severity: HIGH (8.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top