An update for dpdk is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1713 Final 1.0 1.0 2022-06-17 Initial 2022-06-17 2022-06-17 openEuler SA Tool V1.0 2022-06-17 dpdk security update An update for dpdk is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. DPDK core includes kernel modules, core libraries and tools. testpmd application allows to test fast packet processing environments on arm64 platforms. For instance, it can be used to check that environment can support fast path applications such as 6WINDGate, pktgen, rumptcpip, etc. More libraries are available as extensions in other packages. Security Fix(es): It’s an issue in the handling of vhost-user inflight type messages. A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master could exhaust available fd in the vhost-user slave process and lead to a DoS.(CVE-2022-0669) In DPDK Vhost communication, we didn’t test if msg->payload.inflight.num_queues is out of bounds in function ‘vhost_user_set_inflight_fd()’, and could cause the program to write OOB.(CVE-2021-3839) An update for dpdk is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium dpdk https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1713 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0669 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3839 https://nvd.nist.gov/vuln/detail/CVE-2022-0669 https://nvd.nist.gov/vuln/detail/CVE-2021-3839 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS dpdk-tools-19.11-17.oe1.aarch64.rpm dpdk-19.11-17.oe1.aarch64.rpm dpdk-debuginfo-19.11-17.oe1.aarch64.rpm dpdk-debugsource-19.11-17.oe1.aarch64.rpm dpdk-devel-19.11-17.oe1.aarch64.rpm dpdk-debugsource-19.11-17.oe1.aarch64.rpm dpdk-devel-19.11-17.oe1.aarch64.rpm dpdk-19.11-17.oe1.aarch64.rpm dpdk-debuginfo-19.11-17.oe1.aarch64.rpm dpdk-tools-19.11-17.oe1.aarch64.rpm dpdk-21.11-11.oe2203.aarch64.rpm dpdk-tools-21.11-11.oe2203.aarch64.rpm dpdk-devel-21.11-11.oe2203.aarch64.rpm dpdk-debuginfo-21.11-11.oe2203.aarch64.rpm dpdk-debugsource-21.11-11.oe2203.aarch64.rpm dpdk-doc-19.11-17.oe1.noarch.rpm dpdk-doc-19.11-17.oe1.noarch.rpm dpdk-doc-21.11-11.oe2203.noarch.rpm dpdk-19.11-17.oe1.src.rpm dpdk-19.11-17.oe1.src.rpm dpdk-21.11-11.oe2203.src.rpm dpdk-19.11-17.oe1.x86_64.rpm dpdk-debuginfo-19.11-17.oe1.x86_64.rpm dpdk-tools-19.11-17.oe1.x86_64.rpm dpdk-devel-19.11-17.oe1.x86_64.rpm dpdk-debugsource-19.11-17.oe1.x86_64.rpm dpdk-tools-19.11-17.oe1.x86_64.rpm dpdk-19.11-17.oe1.x86_64.rpm dpdk-devel-19.11-17.oe1.x86_64.rpm dpdk-debugsource-19.11-17.oe1.x86_64.rpm dpdk-debuginfo-19.11-17.oe1.x86_64.rpm dpdk-tools-21.11-11.oe2203.x86_64.rpm dpdk-devel-21.11-11.oe2203.x86_64.rpm dpdk-debugsource-21.11-11.oe2203.x86_64.rpm dpdk-debuginfo-21.11-11.oe2203.x86_64.rpm dpdk-21.11-11.oe2203.x86_64.rpm It’s an issue in the handling of vhost-user inflight type messages. A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master could exhaust available fd in the vhost-user slave process and lead to a DoS. 2022-06-17 CVE-2022-0669 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Medium 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H dpdk security update 2022-06-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1713 In DPDK Vhost communication, we didn’t test if msg->payload.inflight.num_queues is out of bounds in function ‘vhost_user_set_inflight_fd()’, and could cause the program to write OOB. 2022-06-17 CVE-2021-3839 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Medium 5.2 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L dpdk security update 2022-06-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1713