Security update for dpdk SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:3341-1 Final 1 1 2022-09-23T05:55:02Z current 2022-09-23T05:55:02Z 2022-09-23T05:55:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dpdk This update for dpdk fixes the following issues: - CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs (bsc#1202903). - CVE-2022-28199: Fixed buffer overflow in the vhost code (bsc#1202956). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-3341,SUSE-SLE-Module-Server-Applications-15-SP4-2022-3341,openSUSE-SLE-15.4-2022-3341 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20223341-1/ Link for SUSE-SU-2022:3341-1 https://lists.suse.com/pipermail/sle-security-updates/2022-September/012346.html E-Mail link for SUSE-SU-2022:3341-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1202903 SUSE Bug 1202903 https://bugzilla.suse.com/1202956 SUSE Bug 1202956 https://www.suse.com/security/cve/CVE-2022-2132/ SUSE CVE CVE-2022-2132 page https://www.suse.com/security/cve/CVE-2022-28199/ SUSE CVE CVE-2022-28199 page SUSE Linux Enterprise Module for Server Applications 15 SP4 openSUSE Leap 15.4 dpdk-19.11.10-150400.4.7.1 dpdk-devel-19.11.10-150400.4.7.1 dpdk-doc-19.11.10-150400.4.7.1 dpdk-examples-19.11.10-150400.4.7.1 dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 dpdk-thunderx-19.11.10-150400.4.7.1 dpdk-thunderx-devel-19.11.10-150400.4.7.1 dpdk-thunderx-doc-19.11.10-150400.4.7.1 dpdk-thunderx-examples-19.11.10-150400.4.7.1 dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 dpdk-thunderx-tools-19.11.10-150400.4.7.1 dpdk-tools-19.11.10-150400.4.7.1 libdpdk-20_0-19.11.10-150400.4.7.1 dpdk-19.11.10-150400.4.7.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 dpdk-devel-19.11.10-150400.4.7.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 dpdk-thunderx-19.11.10-150400.4.7.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 dpdk-thunderx-devel-19.11.10-150400.4.7.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 dpdk-tools-19.11.10-150400.4.7.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 libdpdk-20_0-19.11.10-150400.4.7.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 dpdk-19.11.10-150400.4.7.1 as a component of openSUSE Leap 15.4 dpdk-devel-19.11.10-150400.4.7.1 as a component of openSUSE Leap 15.4 dpdk-doc-19.11.10-150400.4.7.1 as a component of openSUSE Leap 15.4 dpdk-examples-19.11.10-150400.4.7.1 as a component of openSUSE Leap 15.4 dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 as a component of openSUSE Leap 15.4 dpdk-thunderx-19.11.10-150400.4.7.1 as a component of openSUSE Leap 15.4 dpdk-thunderx-devel-19.11.10-150400.4.7.1 as a component of openSUSE Leap 15.4 dpdk-thunderx-doc-19.11.10-150400.4.7.1 as a component of openSUSE Leap 15.4 dpdk-thunderx-examples-19.11.10-150400.4.7.1 as a component of openSUSE Leap 15.4 dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 as a component of openSUSE Leap 15.4 dpdk-thunderx-tools-19.11.10-150400.4.7.1 as a component of openSUSE Leap 15.4 dpdk-tools-19.11.10-150400.4.7.1 as a component of openSUSE Leap 15.4 libdpdk-20_0-19.11.10-150400.4.7.1 as a component of openSUSE Leap 15.4 A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. CVE-2022-2132 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-19.11.10-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-devel-19.11.10-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-thunderx-19.11.10-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-thunderx-devel-19.11.10-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-tools-19.11.10-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:libdpdk-20_0-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-devel-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-doc-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-examples-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 openSUSE Leap 15.4:dpdk-thunderx-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-thunderx-devel-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-thunderx-doc-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-thunderx-examples-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 openSUSE Leap 15.4:dpdk-thunderx-tools-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-tools-19.11.10-150400.4.7.1 openSUSE Leap 15.4:libdpdk-20_0-19.11.10-150400.4.7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223341-1/ https://www.suse.com/security/cve/CVE-2022-2132.html CVE-2022-2132 https://bugzilla.suse.com/1202903 SUSE Bug 1202903 NVIDIA's distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. CVE-2022-28199 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-19.11.10-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-devel-19.11.10-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-thunderx-19.11.10-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-thunderx-devel-19.11.10-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:dpdk-tools-19.11.10-150400.4.7.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:libdpdk-20_0-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-devel-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-doc-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-examples-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 openSUSE Leap 15.4:dpdk-thunderx-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-thunderx-devel-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-thunderx-doc-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-thunderx-examples-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1 openSUSE Leap 15.4:dpdk-thunderx-tools-19.11.10-150400.4.7.1 openSUSE Leap 15.4:dpdk-tools-19.11.10-150400.4.7.1 openSUSE Leap 15.4:libdpdk-20_0-19.11.10-150400.4.7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223341-1/ https://www.suse.com/security/cve/CVE-2022-28199.html CVE-2022-28199 https://bugzilla.suse.com/1202956 SUSE Bug 1202956