[Pkg-dpdk-devel] Bug#1019589: dpdk: CVE-2022-28199 CVE-2022-2132
Moritz Mühlenhoff
jmm at inutil.org
Mon Sep 12 19:24:30 BST 2022
Source: dpdk
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities are fixed in DSA 5222, but filing a bug
to track the fix in unstable:
CVE-2022-28199[0]:
| NVIDIA’s distribution of the Data Plane Development Kit
| (MLNX_DPDK) contains a vulnerability in the network stack, where error
| recovery is not handled properly, which can allow a remote attacker to
| cause denial of service and some impact to data integrity and
| confidentiality.
CVE-2022-2132[1]:
| A permissive list of allowed inputs flaw was found in DPDK. This issue
| allows a remote attacker to cause a denial of service triggered by
| sending a crafted Vhost header to DPDK.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-28199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
[1] https://security-tracker.debian.org/tracker/CVE-2022-2132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
Please adjust the affected versions in the BTS as needed.