[Pkg-dpdk-devel] Bug#1019589: dpdk: CVE-2022-28199 CVE-2022-2132

Moritz Mühlenhoff jmm at inutil.org
Mon Sep 12 19:24:30 BST 2022

Source: dpdk
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security


The following vulnerabilities are fixed in DSA 5222, but filing a bug
to track the fix in unstable:

| NVIDIA’s distribution of the Data Plane Development Kit
| (MLNX_DPDK) contains a vulnerability in the network stack, where error
| recovery is not handled properly, which can allow a remote attacker to
| cause denial of service and some impact to data integrity and
| confidentiality.

| A permissive list of allowed inputs flaw was found in DPDK. This issue
| allows a remote attacker to cause a denial of service triggered by
| sending a crafted Vhost header to DPDK.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-28199
[1] https://security-tracker.debian.org/tracker/CVE-2022-2132

Please adjust the affected versions in the BTS as needed.

More information about the Pkg-dpdk-devel mailing list