Bug 2055793 (CVE-2022-0669) - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS
Summary: CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-0669
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2057196 2057197 2057198 2057199 2057200 2057201 2057202 2057203 2057204 2057205 2057206 2061272 2073381 2073382
Blocks: 2055794
TreeView+ depends on / blocked
 
Reported: 2022-02-17 16:21 UTC by Michael Kaplan
Modified: 2022-10-13 13:14 UTC (History)
47 users (show)

Fixed In Version: dpdk 22.03
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user exhausts available fd in the vhost-user standby process, leading to a denial of service.
Clone Of:
Environment:
Last Closed: 2022-05-27 22:37:39 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:4786 0 None None None 2022-05-27 18:14:33 UTC
Red Hat Product Errata RHSA-2022:4787 0 None None None 2022-05-27 18:14:52 UTC
Red Hat Product Errata RHSA-2022:4788 0 None None None 2022-05-27 18:15:06 UTC

Description Michael Kaplan 2022-02-17 16:21:31 UTC 
It’s an issue in the handling of vhost-user-inf light type messages. A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master could exhaust available fd in the vhost-user slave process and lead to a DoS.
Comment 7 Mauro Matteo Cascella 2022-05-03 21:20:29 UTC 
Upstream commit:
https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227
Comment 14 errata-xmlrpc 2022-05-27 18:14:29 UTC 
This issue has been addressed in the following products:

  Fast Datapath for Red Hat Enterprise Linux 8

Via RHSA-2022:4786 https://access.redhat.com/errata/RHSA-2022:4786
Comment 15 errata-xmlrpc 2022-05-27 18:14:48 UTC 
This issue has been addressed in the following products:

  Fast Datapath for Red Hat Enterprise Linux 8

Via RHSA-2022:4787 https://access.redhat.com/errata/RHSA-2022:4787
Comment 16 errata-xmlrpc 2022-05-27 18:15:03 UTC 
This issue has been addressed in the following products:

  Fast Datapath for Red Hat Enterprise Linux 8

Via RHSA-2022:4788 https://access.redhat.com/errata/RHSA-2022:4788
Comment 17 Product Security DevOps Team 2022-05-27 22:37:35 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0669
Note You need to log in before you can comment on or make changes to this bug.