RHSA-2023:0166: Red Hat Security Advisory: dpdk security update

An update for dpdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
Red Hat Security Data

Issued: 2023-01-16

Updated: 2023-01-16

RHSA-2023:0166 - Security Advisory

Synopsis

Important: dpdk security update

Type/Severity

Security Advisory: Important

Topic

An update for dpdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space.

Security Fix(es):

  • dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs (CVE-2022-2132)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2099475 - CVE-2022-2132 dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

Red Hat Enterprise Linux Server - AUS 8.2

SRPM

dpdk-19.11-6.el8_2.src.rpm

x86_64

dpdk-19.11-6.el8_2.x86_64.rpm

dpdk-debuginfo-19.11-6.el8_2.x86_64.rpm

dpdk-debugsource-19.11-6.el8_2.x86_64.rpm

dpdk-devel-19.11-6.el8_2.x86_64.rpm

dpdk-devel-debuginfo-19.11-6.el8_2.x86_64.rpm

dpdk-doc-19.11-6.el8_2.noarch.rpm

dpdk-tools-19.11-6.el8_2.x86_64.rpm

Red Hat Enterprise Linux Server - TUS 8.2

SRPM

dpdk-19.11-6.el8_2.src.rpm

x86_64

dpdk-19.11-6.el8_2.x86_64.rpm

dpdk-debuginfo-19.11-6.el8_2.x86_64.rpm

dpdk-debugsource-19.11-6.el8_2.x86_64.rpm

dpdk-devel-19.11-6.el8_2.x86_64.rpm

dpdk-devel-debuginfo-19.11-6.el8_2.x86_64.rpm

dpdk-doc-19.11-6.el8_2.noarch.rpm

dpdk-tools-19.11-6.el8_2.x86_64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM

dpdk-19.11-6.el8_2.src.rpm

ppc64le

dpdk-19.11-6.el8_2.ppc64le.rpm

dpdk-debuginfo-19.11-6.el8_2.ppc64le.rpm

dpdk-debugsource-19.11-6.el8_2.ppc64le.rpm

dpdk-devel-19.11-6.el8_2.ppc64le.rpm

dpdk-devel-debuginfo-19.11-6.el8_2.ppc64le.rpm

dpdk-doc-19.11-6.el8_2.noarch.rpm

dpdk-tools-19.11-6.el8_2.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM

dpdk-19.11-6.el8_2.src.rpm

x86_64

dpdk-19.11-6.el8_2.x86_64.rpm

dpdk-debuginfo-19.11-6.el8_2.x86_64.rpm

dpdk-debugsource-19.11-6.el8_2.x86_64.rpm

dpdk-devel-19.11-6.el8_2.x86_64.rpm

dpdk-devel-debuginfo-19.11-6.el8_2.x86_64.rpm

dpdk-doc-19.11-6.el8_2.noarch.rpm

dpdk-tools-19.11-6.el8_2.x86_64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-0168-01

Red Hat Security Advisory 2023-0168-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-0166-01

Red Hat Security Advisory 2023-0166-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-0169-01

Red Hat Security Advisory 2023-0169-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include a denial of service vulnerability.

RHSA-2022:8263: Red Hat Security Advisory: dpdk security and bug fix update

An update for dpdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-3839: DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
  • CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
  • CVE-2022-28199: dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service

RHSA-2022:7268: Red Hat Security Advisory: Red Hat OpenStack Platform 13.0 (openvswitch2.11) security update

An update for openvswitch2.11 is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

Red Hat Security Advisory 2022-6551-01

Red Hat Security Advisory 2022-6551-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include denial of service, information leakage, privilege escalation, and use-after...

Red Hat Security Advisory 2022-6384-01

Red Hat Security Advisory 2022-6384-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6385-01

Red Hat Security Advisory 2022-6385-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6383-01

Red Hat Security Advisory 2022-6383-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

RHSA-2022:6385: Red Hat Security Advisory: openvswitch2.15 security update

An update for openvswitch2.15 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

RHSA-2022:6386: Red Hat Security Advisory: openvswitch2.17 security update

An update for openvswitch2.17 is now available for Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

RHSA-2022:6382: Red Hat Security Advisory: openvswitch2.16 security update

An update for openvswitch2.16 is now available for Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

CVE-2022-2132: Invalid Bug ID

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.