Debian Bug report logs - #1019589
dpdk: CVE-2022-28199 CVE-2022-2132
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian DPDK Maintainers <pkg-dpdk-devel@lists.alioth.debian.org>: Bug#1019589; Package src:dpdk. (Mon, 12 Sep 2022 18:27:04 GMT)
Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian DPDK Maintainers <pkg-dpdk-devel@lists.alioth.debian.org>. (Mon, 12 Sep 2022 18:27:04 GMT)
Message #5 received at submit@bugs.debian.org:
Source: dpdk
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities are fixed in DSA 5222, but filing a bug
to track the fix in unstable:

CVE-2022-28199[0]:
| NVIDIA's distribution of the Data Plane Development Kit
| (MLNX_DPDK) contains a vulnerability in the network stack, where error
| recovery is not handled properly, which can allow a remote attacker to
| cause denial of service and some impact to data integrity and
| confidentiality.

CVE-2022-2132[1]:
| A permissive list of allowed inputs flaw was found in DPDK. This issue
| allows a remote attacker to cause a denial of service triggered by
| sending a crafted Vhost header to DPDK.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-28199
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
[1] https://security-tracker.debian.org/tracker/CVE-2022-2132
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132

Please adjust the affected versions in the BTS as needed.

Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 12 Sep 2022 18:48:02 GMT)
Marked as found in versions dpdk/21.11-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 12 Sep 2022 18:48:03 GMT)
Last modified: Tue Sep 13 13:20:23 2022