[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2022-28199: DPDK mlx5 driver error recovery handling vulnerability
From: Thomas Monjalon <thomas () monjalon ! net>
Date: 2022-08-29 17:55:17
Message-ID: 16136472.hlxOUv9cDv () thomas
[Download RAW message or body]
A vulnerability was fixed in DPDK.
Some downstream stakeholders were warned in advance
in order to coordinate the release of fixes
and reduce the vulnerability window.
When having a failure with the mlx5 driver,
the error recovery was not handled properly,
which can allow a remote attacker to cause denial of service
and some impact to data integrity and confidentiality.
CVE: CVE-2022-28199
Severity: 6.5
CVSS scores: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Commits per branch:
main - https://git.dpdk.org/dpdk/commit/?id=60b254e392
21.11 - https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd323
20.11 - https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d2
19.11 - https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664
LTS Releases:
21.11 - http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
20.11 - http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz
19.11 - http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic