Bug 2055793 (CVE-2022-0669)

Summary: CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS
Product: [Other] Security Response Reporter: Michael Kaplan <mkaplan>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aconole, amctagga, anharris, aoconnor, bmontgom, bniver, ctrautma, dbecker, dmarchan, echaudro, eglynn, eparis, fleitner, flucifre, gmeno, jburrell, jhsiao, jjoyce, jokerman, jschluet, lhh, linville, lpeer, mbenjamin, mburns, mhackett, michal.skrivanek, mperina, nhorman, nstielau, ovs-qe, ovs-team, ralongi, rhos-maint, rkhan, sbonazzo, sclewis, security-response-team, sfowler, slinaber, sostapov, sponnaga, spower, sscheink, tredaelli, vereddy, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: dpdk 22.03 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user exhausts available fd in the vhost-user standby process, leading to a denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-27 22:37:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2057196, 2057197, 2057198, 2057199, 2057200, 2057201, 2057202, 2057203, 2057204, 2057205, 2057206, 2061272, 2073381, 2073382    
Bug Blocks: 2055794    

Description Michael Kaplan 2022-02-17 16:21:31 UTC 
It’s an issue in the handling of vhost-user-inf light type messages. A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master could exhaust available fd in the vhost-user slave process and lead to a DoS.
Comment 7 Mauro Matteo Cascella 2022-05-03 21:20:29 UTC 
Upstream commit:
https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227
Comment 14 errata-xmlrpc 2022-05-27 18:14:29 UTC 
This issue has been addressed in the following products:

  Fast Datapath for Red Hat Enterprise Linux 8

Via RHSA-2022:4786 https://access.redhat.com/errata/RHSA-2022:4786
Comment 15 errata-xmlrpc 2022-05-27 18:14:48 UTC 
This issue has been addressed in the following products:

  Fast Datapath for Red Hat Enterprise Linux 8

Via RHSA-2022:4787 https://access.redhat.com/errata/RHSA-2022:4787
Comment 16 errata-xmlrpc 2022-05-27 18:15:03 UTC 
This issue has been addressed in the following products:

  Fast Datapath for Red Hat Enterprise Linux 8

Via RHSA-2022:4788 https://access.redhat.com/errata/RHSA-2022:4788
Comment 17 Product Security DevOps Team 2022-05-27 22:37:35 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0669