Date: Mon, 29 Aug 2022 19:55:17 +0200 From: Thomas Monjalon <thomas@...jalon.net> To: announce@...k.org Cc: oss-security@...ts.openwall.com Subject: CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability A vulnerability was fixed in DPDK. Some downstream stakeholders were warned in advance in order to coordinate the release of fixes and reduce the vulnerability window. When having a failure with the mlx5 driver, the error recovery was not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. CVE: CVE-2022-28199 Severity: 6.5 CVSS scores: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Commits per branch: main - https://git.dpdk.org/dpdk/commit/?id=60b254e392 21.11 - https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd323 20.11 - https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d2 19.11 - https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664 LTS Releases: 21.11 - http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz 20.11 - http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz 19.11 - http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.