Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 18 May 2020 15:49:58 +0100
From: Ferruh Yigit <ferruh.yigit@...el.com>
To: dpdk-announce <announce@...k.org>
Cc: security@...k.org, security-prerelease@...k.org,
 oss-security@...ts.openwall.com, dpdk-dev <dev@...k.org>
Subject: DPDK security advisory for multiple vhost related issues

A set of vulnerabilities fixed in DPDK:
- CVE-2020-10722
- CVE-2020-10723
- CVE-2020-10724
- CVE-2020-10725
- CVE-2020-10726

Some downstream stakeholders were warned in advance in order to coordinate the
release of fixes and reduce the vulnerability window.

Problem:
A malicious guess/container can cause resource leak resulting a
Denial-of-Service, or memory corruption and crash, or information leak in
vhost-user backend application.

All users of the vhost library are strongly encouraged to upgrade as soon as
possible.

Thanks to the reporters, all credit goes to them:
Ilja Van Sprundel <ivansprundel@...ctive.com>
Marvin Liu <yong.liu@...el.com>
Xiaolong Ye <xiaolong.ye@...el.com>


Stable Releases download links:
DPDK 20.02.1
http://fast.dpdk.org/rel/dpdk-20.02.1.tar.xz

DPDK 18.11.8 (LTS)
http://fast.dpdk.org/rel/dpdk-18.11.8.tar.xz

DPDK 19.11.2 (LTS)
http://fast.dpdk.org/rel/dpdk-19.11.2.tar.xz



Details:

CVE-2020-10722
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=267
Severity: 5.1 (Medium)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Summary: DPDK librte_vhost: Interger overflow in vhost_user_set_log_base()
Reporter: Ilja Van Sprundel <ivansprundel@...ctive.com>


CVE-2020-10723
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=268
Severity: 5.1 (Medium)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Summary: DPDK librte_vhost: Integer truncation in
         vhost_user_check_and_alloc_queue_pair()
Reporter: Ilja Van Sprundel <ivansprundel@...ctive.com>


CVE-2020-10724
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=269
Severity: 5.1 (Medium)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Summary: DPDK librte_vhost: Missing inputs validation in Vhost-crypto
Reporter: Ilja Van Sprundel <ivansprundel@...ctive.com>


CVE-2020-10725
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=270
Severity: 7.7 (High)
CVSS scores: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary: DPDK librte_vhost: Malicious guest could cause segfault by sending
         invalid Virtio descriptor
Reporter: Marvin Liu <yong.liu@...el.com>


CVE-2020-10726
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=271
Severity: 6.0 (Medium)
CVSS scores: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Summary: DPDK librte_vhost: VHOST_USER_GET_INFLIGHT_FD message flooding to
         result in a DOS
Reporter: Marvin Liu <yong.liu@...el.com> & Xiaolong Ye <xiaolong.ye@...el.com>


Commits:
main repo
https://git.dpdk.org/dpdk/commit/?id=3ae4beb079ce
https://git.dpdk.org/dpdk/commit/?id=c78d94189dce
https://git.dpdk.org/dpdk/commit/?id=acd4c92fa693
https://git.dpdk.org/dpdk/commit/?id=97ecc1c85c95
https://git.dpdk.org/dpdk/commit/?id=549de54c4f9f
https://git.dpdk.org/dpdk/commit/?id=e7debf602633

DPDK 20.02.1
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=0545a19f5b99
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=dca5d97491b4
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=64a4d90c673e
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=47791d99afe4
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=74b0c5db0f1e
https://git.dpdk.org/dpdk-stable/commit/?h=20.02&id=a827e27d81cc

DPDK 18.11.8 (LTS)
https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=338f5eae5de73
https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=d87b67f57ef93
https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=5e4bc0f0e1e48

DPDK 19.11.2 (LTS)
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=2cf9c470ebff
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=8e9652b0b616
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=963b6eea05f3
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=cd0ea71bb6a7
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=95e1f29c2677
https://git.dpdk.org/dpdk-stable/commit/?h=19.11&id=c9c630a117cf


-- 
DPDK Security Team
http://core.dpdk.org/security/





Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.