[dpdk-dev] [dpdk-announce] DPDK 20.02.1 released

Luca Boccassi bluca at debian.org
Mon May 18 16:50:48 CEST 2020


Hi all,

Here is a new stable release:
	https://fast.dpdk.org/rel/dpdk-20.02.1.tar.xz

The git tree is at:
	https://dpdk.org/browse/dpdk-stable/?h=20.02

This release fixes the following security issues:

CVE-2020-10722
CVE-2020-10723
CVE-2020-10724
CVE-2020-10725
CVE-2020-10726

A malicious guess/container can cause resource leak resulting a
Denial-of-Service, or memory corruption and crash, or information leak
in vhost-user backend application.

Thanks to the issue reporters, to the developers for fixing them, and
to RedHat and Intel for validating the fixes.

Luca Boccassi

---
 VERSION                                |  2 +-
 doc/guides/rel_notes/release_20_02.rst | 63
++++++++++++++++++++++++++++++++++
 lib/librte_vhost/vhost_crypto.c        | 17 +++++++++
 lib/librte_vhost/vhost_user.c          | 30 ++++++++++++----
 lib/librte_vhost/virtio_net.c          |  4 +++
 5 files changed, 108 insertions(+), 8 deletions(-)
Luca Boccassi (1):
      version: 20.02.1

Marvin Liu (1):
      vhost: fix translated address not checked

Maxime Coquelin (3):
      vhost: check log mmap offset and size overflow
      vhost: fix vring index check
      vhost/crypto: validate keys lengths

Xiaolong Ye (1):
      vhost: fix potential memory space leak

Xuan Ding (1):
      vhost: fix potential fd leak


More information about the dev mailing list