In copy_desc_to_mbuf() function, the Vhost header was assumed not across more than two descriptors. If a malicious guest send a packet with the Vhost header crossing more than two descriptors, the buf_avail will be a very large number near 4G. All the mbufs will be allocated, therefor other guests traffic will be blocked. A malicious guest can cause denial of service for the other guest running on the hypervisor. https://bugs.dpdk.org/show_bug.cgi?id=1031
Created dpdk tracking bugs for this issue: Affects: fedora-all [bug 2122335]
Ran the following sanity tests to verify: Selinux/netperf(ovs-dpfk-tunneling): https://beaker.engineering.redhat.com/jobs/6962774 RFC2544 PvP over ovs-dpdk/XXv710: 25.5 Mpps
Below is the link to all vhostuser tests: https://docs.google.com/spreadsheets/d/1EUbENq1LQsaUTcQLTQZCmmIrDvYMeDXgl1vEqjoF5kM/edit?usp=sharing
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 9 Via RHSA-2022:6386 https://access.redhat.com/errata/RHSA-2022:6386
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2022:6385 https://access.redhat.com/errata/RHSA-2022:6385
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2022:6384 https://access.redhat.com/errata/RHSA-2022:6384
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2022:6383 https://access.redhat.com/errata/RHSA-2022:6383
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2022:6382 https://access.redhat.com/errata/RHSA-2022:6382
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:6551 https://access.redhat.com/errata/RHSA-2022:6551
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 7 Via RHSA-2022:6850 https://access.redhat.com/errata/RHSA-2022:6850
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 - ELS Via RHSA-2022:7268 https://access.redhat.com/errata/RHSA-2022:7268
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8263 https://access.redhat.com/errata/RHSA-2022:8263
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-2132
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extras Via RHSA-2023:0167 https://access.redhat.com/errata/RHSA-2023:0167
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:0168 https://access.redhat.com/errata/RHSA-2023:0168
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:0166 https://access.redhat.com/errata/RHSA-2023:0166
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0172 https://access.redhat.com/errata/RHSA-2023:0172
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:0169 https://access.redhat.com/errata/RHSA-2023:0169
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:0170 https://access.redhat.com/errata/RHSA-2023:0170
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0171 https://access.redhat.com/errata/RHSA-2023:0171