CVE-2022-2132: DPDK copy_desc_to_mbuf() Vhost header vulnerability

[Thomas Monjalon <thomas () monjalon net>]

A vulnerability was fixed in DPDK.
Some downstream stakeholders were warned in advance
in order to coordinate the release of fixes
and reduce the vulnerability window.

In copy_desc_to_mbuf() function,
the Vhost header was assumed not across more than two descriptors.

If a malicious guest send a packet
with the Vhost header crossing more than two descriptors,
the buf_avail will be a very large number near 4G.

All the mbufs will be allocated,
therefore other guests traffic will be blocked.
A malicious guest can cause denial of service
for the other guest running on the hypervisor.

CVE: CVE-2022-2132
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=1031
Severity: 8.6 (High)
CVSS scores: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Commits per branch:
        main
                https://git.dpdk.org/dpdk/commit/?id=71bd0cc536
                https://git.dpdk.org/dpdk/commit/?id=dc1516e260
        21.11
                https://git.dpdk.org/dpdk-stable/commit/?id=f167022606
                https://git.dpdk.org/dpdk-stable/commit/?id=e12d415556
        20.11
                https://git.dpdk.org/dpdk-stable/commit/?id=8fff8520f3
                https://git.dpdk.org/dpdk-stable/commit/?id=089e01b375
        19.11
                https://git.dpdk.org/dpdk-stable/commit/?id=5b3c25e6ee
                https://git.dpdk.org/dpdk-stable/commit/?id=e73049ea26

LTS Releases:
        21.11 - http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
        20.11 - http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz
        19.11 - http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz

CVE: CVE-2022-2132
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=1031
Severity: 8.6 (High)
CVSS scores: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H