A vulnerability was fixed in DPDK. Some downstream stakeholders were warned in advance in order to coordinate the release of fixes and reduce the vulnerability window.
In copy_desc_to_mbuf() function, the Vhost header was assumed not across more than two descriptors. If a malicious guest send a packet with the Vhost header crossing more than two descriptors, the buf_avail will be a very large number near 4G. All the mbufs will be allocated, therefore other guests traffic will be blocked. A malicious guest can cause denial of service for the other guest running on the hypervisor. CVE: CVE-2022-2132 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=1031 Severity: 8.6 (High) CVSS scores: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Commits per branch: main https://git.dpdk.org/dpdk/commit/?id=71bd0cc536 https://git.dpdk.org/dpdk/commit/?id=dc1516e260 21.11 https://git.dpdk.org/dpdk-stable/commit/?id=f167022606 https://git.dpdk.org/dpdk-stable/commit/?id=e12d415556 20.11 https://git.dpdk.org/dpdk-stable/commit/?id=8fff8520f3 https://git.dpdk.org/dpdk-stable/commit/?id=089e01b375 19.11 https://git.dpdk.org/dpdk-stable/commit/?id=5b3c25e6ee https://git.dpdk.org/dpdk-stable/commit/?id=e73049ea26 LTS Releases: 21.11 - http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz 20.11 - http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz 19.11 - http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz CVE: CVE-2022-2132 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=1031 Severity: 8.6 (High) CVSS scores: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
