A vulnerability was found in dpdk where a malicious master keep sending VRING_SET_NUM message, all the above memory will be leaked, and result a DOS finally since ret_malloc() won't allocate any memory.
Acknowledgments: Name: Jason Wang (Red Hat)
Statement: The dpdk package within Red Hat OpenStack Platform 10 has been superseded by the version included with RHEL Extras, fixes for dpdk will be consumed from here.
External References: https://bugs.dpdk.org/show_bug.cgi?id=363
Commits: main repo https://git.dpdk.org/dpdk/commit/?id=612e17cf6d7b https://git.dpdk.org/dpdk/commit/?id=bf472259dde6 19.08.1 https://git.dpdk.org/dpdk-stable/commit/?h=19.08&id=fa674d08985f https://git.dpdk.org/dpdk-stable/commit/?h=19.08&id=6547dd563ea9 18.11.4 (LTS) https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=70583a6b9b1c https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=f8898927bb16 17.11.8 (LTS) https://git.dpdk.org/dpdk-stable/commit/?h=17.11&id=3b1b44a1c82a https://git.dpdk.org/dpdk-stable/commit/?h=17.11&id=8a8dbd0ec19e https://git.dpdk.org/dpdk-stable/commit/?h=17.11&id=1f6147d9a01f 16.11.10 (LTS EOL) https://git.dpdk.org/dpdk-stable/commit/?h=16.11&id=5fbb5c2919b6 https://git.dpdk.org/dpdk-stable/commit/?h=16.11&id=3863340f93b8 https://git.dpdk.org/dpdk-stable/commit/?h=16.11&id=8790f4c3bcd2 https://git.dpdk.org/dpdk-stable/commit/?h=16.11&id=1bf11cfb7c7c
Created dpdk tracking bugs for this issue: Affects: fedora-all [bug 1771929] Created openvswitch tracking bugs for this issue: Affects: openstack-rdo [bug 1771930]
This issue has been addressed in the following products: Fast Datapath for RHEL 7 Via RHSA-2020:0165 https://access.redhat.com/errata/RHSA-2020:0165
This issue has been addressed in the following products: Fast Datapath for RHEL 7 Via RHSA-2020:0166 https://access.redhat.com/errata/RHSA-2020:0166
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14818
This issue has been addressed in the following products: Fast Datapath for RHEL 7 Via RHSA-2020:0168 https://access.redhat.com/errata/RHSA-2020:0168
This issue has been addressed in the following products: Fast Datapath for RHEL 8 Via RHSA-2020:0171 https://access.redhat.com/errata/RHSA-2020:0171
This issue has been addressed in the following products: Fast Datapath for RHEL 8 Via RHSA-2020:0172 https://access.redhat.com/errata/RHSA-2020:0172
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extras Via RHSA-2020:1226 https://access.redhat.com/errata/RHSA-2020:1226
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1735 https://access.redhat.com/errata/RHSA-2020:1735