[Pkg-dpdk-devel] Bug#971269: dpdk: CVEs for multiple vhost crypto issues

[Luca Boccassi]

Source: dpdk
Version: 18.11-1
Severity: important
Tags: security
X-Debbugs-cc: security at debian.org
Forwarded: https://bugs.dpdk.org/show_bug.cgi?id=272
Fixed: 18.11.10-1~deb10u1 19.11.5-1

The vhost crypto feature in src:dpdk is affected by several security
issues:

CVE: CVE-2020-14374
Severity: 8.8 (High)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description: dpdk: Remote Code Execution in vhost_crypto (VM Escape)

CVE: CVE-2020-14375
Severity: 7.8 (High)
CVSS scores: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Description: dpdk: Time-of-check time-of-use vulnerabilities throughout
vhost_crypto.c

CVE: CVE-2020-14376
Severity: 7.8 (High)
CVSS scores: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Description: dpdk: Buffer overflow copying iv_data from guest to
host(prepare_sym_cipher_op & prepare_sym_chain_op)

CVE: CVE-2020-14377
Severity: 7.1 (High)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Description: dpdk: write_back_data buffer over read
(cipher->para.dst_data_len & de= sc->len)

CVE: CVE-2020-14378
Severity: 3.3 (Low)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Description: dpdk: Partial Denial of Service due to Integer Underflow

Version 16.11.x in Stretch is not affected.

Popularity of this feature seems low, so it would probably be
acceptable to fix it only via proposed-updates in Buster.

-- 
Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-dpdk-devel/attachments/20200928/d72ac70f/attachment.sig>