[Pkg-dpdk-devel] Bug#1019589: dpdk: CVE-2022-28199 CVE-2022-2132
jmm at inutil.org
Mon Sep 12 19:24:30 BST 2022
X-Debbugs-CC: team at security.debian.org
The following vulnerabilities are fixed in DSA 5222, but filing a bug
to track the fix in unstable:
| NVIDIA’s distribution of the Data Plane Development Kit
| (MLNX_DPDK) contains a vulnerability in the network stack, where error
| recovery is not handled properly, which can allow a remote attacker to
| cause denial of service and some impact to data integrity and
| A permissive list of allowed inputs flaw was found in DPDK. This issue
| allows a remote attacker to cause a denial of service triggered by
| sending a crafted Vhost header to DPDK.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-dpdk-devel