<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Hi folks,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">I made a summary report regarding the 2022 DPDK CVE issues. In this report, we will discuss the CVE<a style="mso-endnote-id:edn1" href="#_edn1" name="_ednref1" title=""><span class="MsoEndnoteReference">[i]</span></a>
issues that have been fixed in 2022. <o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">A total of 4 CVEs were reported and addressed in 2022; details are below.
<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph"><o:p> </o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph"><span style="font-size:12.0pt">1. CVE-2021-3839 - Link:
<a href="https://access.redhat.com/security/cve/CVE-2021-3839">https://access.redhat.com/security/cve/CVE-2021-3839</a><o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">Description: A flaw was discovered in DPDK's Vhost library. The function vhost_user_set_inflight_fd() does not validate msg->payload.inflight.num_queues, which could result in an out-of-bounds
memory read/write. <o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">CVSS score: 7.5 (<span class="stat-title">Moderate Impact</span>).<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">Impact: Any software that uses DPDK's Vhost library could experience crashes due to this vulnerability.<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">Reported-by: Wenxiang Qian.<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">Solution: We fixed this issue by adding proper validation checks and ensuring that it does not exceed the maximum number of supported queues.<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph"><o:p> </o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph"><span style="font-size:12.0pt">2. CVE-2022-0669 - Link:
<a href="https://access.redhat.com/security/cve/CVE-2022-0669">https://access.redhat.com/security/cve/CVE-2022-0669</a><o:p></o:p></span></p>
<p class="MsoNormal">Description: A flaw was discovered in DPDK which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages. By sending such messages
continuously, the primary vhost-user exhausts the available fds in the vhost-user standby process, leading to a denial of service.<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">CVSS score: 6.5 (<span class="stat-title">Moderate Impact</span>).<o:p></o:p></p>
<p class="MsoNormal">Impact: This vulnerability could cause a denial of service (DoS).<o:p></o:p></p>
<p class="MsoNormal">Reported-by: David Marchand.<o:p></o:p></p>
<p class="MsoNormal">Solution: We limited the number of fds that can be attached as ancillary data to the above messages and ensured that they are properly closed after use.<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph"><o:p> </o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph"><span style="font-size:12.0pt">3. CVE-2022-2132 - Link:
<a href="https://access.redhat.com/security/cve/CVE-2022-2132">https://access.redhat.com/security/cve/CVE-2022-2132</a><o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">Description: A flaw was detected in DPDK, which permits a remote attacker to create a denial of service through a crafted Vhost header. The copy_desc_to_mbuf() function assumed that
the Vhost header doesn't cross more than two descriptors, but if a malicious entity sends a packet with a Vhost header that crosses more than two descriptors, the buf_avail value becomes very large (near 4G), leading to blocking of other guest traffic and denial
of service. <o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">CVSS score: 8.6 (<span class="stat-title">Important Impact</span>).<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">Impact: This vulnerability could cause a denial of service (DoS).<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">Reported-by: Cong Wang.<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">Solution: We fixed this by checking the Vhost header length to ensure it does not exceed two descriptors.<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph"><o:p> </o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph"><span style="font-size:12.0pt">4. CVE-2022-28199 - Link:
<a href="https://access.redhat.com/security/cve/CVE-2022-28199">https://access.redhat.com/security/cve/CVE-2022-28199</a><o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">Description: The DPDK package has a vulnerability that can cause denial of service (DoS) attacks resulting in system unavailability. When facing a failure with the mlx5 driver, the
error recovery is not handled properly, which allows remote attackers to cause DoS and some impact to data integrity and confidentiality.
<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">CVSS score: 6.5 (<span class="stat-title">Moderate Impact</span>).<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">Impact: This vulnerability could cause DoS and some impact to data integrity and confidentiality.<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">Reported-by: Thomas Monjalon.<o:p></o:p></p>
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph">Solution: We improved the error recovery mechanism for the mlx5 driver to handle failures properly.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">In summary, 3 <span class="stat-title">Moderate Impact</span> CVEs and 1
<span class="stat-title">Important Impact</span> CVE in DPDK were reported and addressed in 2022. Our top priority is delivering high-quality, secure software to our customers and partners. Our commitment to this goal remains unchanged. If you have any questions
or feedback, please do not hesitate to contact us.<o:p></o:p></p>
<p class="MsoNormal">The Security Team can be reached via <a href="mailto:security@dpdk.org">
security@dpdk.org</a>.<o:p></o:p></p>
<p class="MsoNormal">For any security report, messages should be encrypted with the following GPG keys:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraphCxSpFirst" style="margin-left:0in;mso-add-space:auto;mso-list:l0 level1 lfo1">
213127A63D9087C9 - Cheng Jiang<o:p></o:p></li><li class="MsoListParagraphCxSpMiddle" style="margin-left:0in;mso-add-space:auto;mso-list:l0 level1 lfo1">
80A77F6095CDE47E - Stephen Hemminger<o:p></o:p></li><li class="MsoListParagraphCxSpLast" style="margin-left:0in;mso-add-space:auto;mso-list:l0 level1 lfo1">
683000CC50B9E390 - Thomas Monjalon<o:p></o:p></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Last but not least, I would like to extend our sincere gratitude to everyone involved in the timely identification and remediation of these security issues. Without the diligent efforts of our developers, testers, and security researchers,
issues like these could have gone unnoticed and caused harm. By working together as a community, we were able to solve these CVEs promptly and will continue enhancing our systems and software to prevent future vulnerabilities. Thank you all again for your
dedication and support. Let's keep working to build secure and trustworthy technologies for the benefit of all.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Best Regards, <o:p></o:p></p>
<p class="MsoNormal">Cheng<br clear="all">
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div style="mso-element:endnote-list"><br clear="all">
<hr align="left" size="1" width="33%">
<div style="mso-element:endnote" id="edn1">
<p class="MsoNormal" style="text-align:justify;text-justify:inter-ideograph"><a style="mso-endnote-id:edn1" href="#_ednref1" name="_edn1" title=""><span class="MsoEndnoteReference">[i]</span></a> CVE is an acronym for Common Vulnerabilities and Exposures, which
is a database featuring publicly disclosed information security issues. Each vulnerability listed in CVE has a unique identification number. CVE serves as a dependable and convenient way for academics, enterprises, vendors, and other interested parties to
exchange information about cyber security issues.<o:p></o:p></p>
<p class="MsoEndnoteText"><o:p> </o:p></p>
</div>
</div>
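<p class="MsoNormal">Added example (not part of the original message and not DPDK source code): a simplified model of the CVE-2022-2132 pattern described above, showing how an unsigned "bytes available" counter wraps to nearly 4G when a header spans more descriptors than the code assumes, next to a checked variant that rejects such a chain. The 12-byte header size, the function names and the descriptor lengths are assumptions constructed for illustration.</p>

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not DPDK code: a guest-supplied descriptor chain is
 * reduced to the byte length of each descriptor. HDR_LEN is an assumed
 * header size chosen for this example. */
#define HDR_LEN 12u

/* Unchecked pattern: assumes the header ends inside the second descriptor
 * and returns the payload bytes believed to remain there. */
uint32_t payload_avail_unchecked(const uint32_t *desc_len, size_t n)
{
    if (n == 0)
        return 0;
    if (desc_len[0] >= HDR_LEN)
        return desc_len[0] - HDR_LEN;
    if (n < 2)
        return 0;
    uint32_t hdr_left = HDR_LEN - desc_len[0];
    return desc_len[1] - hdr_left;  /* wraps when desc_len[1] < hdr_left */
}

/* Checked pattern: the header must fit within the first two descriptors,
 * otherwise the chain is rejected. Returns 0 on success, -1 on rejection. */
int payload_avail_checked(const uint32_t *desc_len, size_t n, uint32_t *avail)
{
    if (n == 0)
        return -1;
    if (desc_len[0] >= HDR_LEN) {
        *avail = desc_len[0] - HDR_LEN;
        return 0;
    }
    uint32_t hdr_left = HDR_LEN - desc_len[0];
    if (n < 2 || desc_len[1] < hdr_left)
        return -1;  /* header would cross more than two descriptors */
    *avail = desc_len[1] - hdr_left;
    return 0;
}

int main(void)
{
    /* Constructed input: a 12-byte header split across 4 + 4 + 64 bytes. */
    const uint32_t split[] = { 4, 4, 64 };
    uint32_t avail = 0;
    printf("unchecked: %u\n", payload_avail_unchecked(split, 3));
    printf("checked:   %d\n", payload_avail_checked(split, 3, &avail));
    return 0;
}
```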
</body>
</html>