Bug 1828898 (CVE-2020-10726)

Summary: CVE-2020-10726 dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result in a DoS
Product: [Other] Security Response Reporter: Michael Kaplan <mkaplan>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aconole, apevec, chrisw, ctrautma, dbecker, dblechte, dfediuck, eedri, fhallal, fleitner, hvyas, jhsiao, jjoyce, jschluet, kbasil, kfida, lhh, linville, lpeer, maxime.coquelin, mburns, mgoldboi, michal.skrivanek, mmirecki, nhorman, ovs-qe, ovs-team, ralongi, rhos-maint, rkhan, sbonazzo, sclewis, security-response-team, sherold, slinaber, tredaelli, yturgema
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: dpdk 20.02.1, dpdk 19.11.2 Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-26 15:15:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1831388, 1837022, 1837060    
Bug Blocks: 1828925    

Description Michael Kaplan 2020-04-28 14:39:18 UTC
A vulnerability was found in DPDK through version 19.11, A malicious container which has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages which may cause leaking resources until resulting a DoS. Leaking resources being both file descriptors and virtual memory.

Comment 1 Michael Kaplan 2020-04-28 14:39:22 UTC
Acknowledgments:

Name: Ferruh Yigit (Reporter)

Comment 4 Anten Skrabec 2020-05-05 04:04:56 UTC
Removed OpenStack 7 affects and added missing affects for OpenStack and Fast Datapath. Only openvswitch2.13+ ships dpdk v19.11+.

Comment 7 Mauro Matteo Cascella 2020-05-17 17:50:02 UTC
inflight messages (VHOST_USER_GET_INFLIGHT_FD and VHOST_USER_SET_INFLIGHT_FD) were added in upstream version 19.11 via the following commit:
  -> https://git.dpdk.org/dpdk/commit/?id=d87f1a1cb7b666550bb53e39c1d85d9f7b861e6f

Comment 9 RaTasha Tillery-Smith 2020-05-18 15:01:38 UTC
Statement:

The versions of DPDK as shipped with Red Hat Enterprise Linux 7 were not affected by this flaw, as they did not include support for the inflight share memory feature, which was introduced in a later version of the package. This issue did not affect the versions of Ceph as shipped with Red Hat Ceph Storage 3 and 4, as they did not include support for DPDK.

Comment 12 Nick Tait 2020-05-18 18:38:56 UTC
Created dpdk tracking bugs for this issue:

Affects: fedora-all [bug 1837060]

Comment 15 errata-xmlrpc 2020-05-26 11:23:50 UTC
This issue has been addressed in the following products:

  Fast Datapath for Red Hat Enterprise Linux 8

Via RHSA-2020:2295 https://access.redhat.com/errata/RHSA-2020:2295

Comment 16 Product Security DevOps Team 2020-05-26 15:15:36 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-10726

Comment 18 errata-xmlrpc 2020-11-04 04:02:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4806 https://access.redhat.com/errata/RHSA-2020:4806