oss-sec mailing list archives
CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability
From: Thomas Monjalon <thomas () monjalon net>
Date: Mon, 29 Aug 2022 19:55:17 +0200
A vulnerability was fixed in DPDK. Some downstream stakeholders were warned in advance in order to coordinate the release of fixes and reduce the vulnerability window. When having a failure with the mlx5 driver, the error recovery was not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. CVE: CVE-2022-28199 Severity: 6.5 CVSS scores: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Commits per branch: main - https://git.dpdk.org/dpdk/commit/?id=60b254e392 21.11 - https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd323 20.11 - https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d2 19.11 - https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664 LTS Releases: 21.11 - http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz 20.11 - http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz 19.11 - http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz
Current thread:
- CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability Thomas Monjalon (Aug 29)
- <Possible follow-ups>
- Re: CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability Joey (Sep 06)