A vulnerability was fixed in DPDK. When having a failure with the mlx5 driver, the error recovery was not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

Commits per branch:
main - https://git.dpdk.org/dpdk/commit/?id=60b254e392
21.11 - https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd323
20.11 - https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d2
19.11 - https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664

LTS Releases:
21.11 - http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
20.11 - http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz
19.11 - http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz

Created dpdk tracking bugs for this issue: Affects: fedora-all [bug 2123550]
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 9 Via RHSA-2022:6503 https://access.redhat.com/errata/RHSA-2022:6503
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2022:6502 https://access.redhat.com/errata/RHSA-2022:6502
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2022:6504 https://access.redhat.com/errata/RHSA-2022:6504
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2022:6505 https://access.redhat.com/errata/RHSA-2022:6505
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2022:6506 https://access.redhat.com/errata/RHSA-2022:6506
We have done sanity tests against mlx5 CVE fixes using FDP 22.G.2 openvswitch builds. All tests passed. Thus, we have verified this bug. Below is our test results spreadsheet: https://docs.google.com/spreadsheets/d/1U9nZRcgzXTd1kLuP2GgTGM2DaaJ-6jlYT2UYvX8Gb9g/edit#gid=398691140 NOTE: There will be separate errata to verify dpdk 21.11.2, dpdk 20.11.6, dpdk 19.11.13 individually.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8263 https://access.redhat.com/errata/RHSA-2022:8263
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-28199