Security update for dpdk SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:2768-1 Final 1 1 2020-09-28T15:48:53Z current 2020-09-28T15:48:53Z 2020-09-28T15:48:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dpdk This update for dpdk fixes the following issues: - dpdk was updated to 18.11.9. For a list of fixes check: - CVE-2020-14374,CVE-2020-14375,CVE-2020-14376,CVE-2020-14377,CVE-2020-14378: Fixed multiple issues where a malicious guest could harm the host using vhost crypto, including executing code in host (VM Escape), reading host application memory space to guest and causing partially denial of service in the host(bsc#1176590). For a list of fixes check: https://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html#fixes The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2020-2768,SUSE-SLE-SDK-12-SP5-2020-2768,SUSE-SLE-SERVER-12-SP5-2020-2768 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20202768-1/ Link for SUSE-SU-2020:2768-1 https://lists.suse.com/pipermail/sle-security-updates/2020-September/007490.html E-Mail link for SUSE-SU-2020:2768-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1176590 SUSE Bug 1176590 https://www.suse.com/security/cve/CVE-2020-14374/ SUSE CVE CVE-2020-14374 page https://www.suse.com/security/cve/CVE-2020-14375/ SUSE CVE CVE-2020-14375 page https://www.suse.com/security/cve/CVE-2020-14376/ SUSE CVE CVE-2020-14376 page https://www.suse.com/security/cve/CVE-2020-14377/ SUSE CVE CVE-2020-14377 page https://www.suse.com/security/cve/CVE-2020-14378/ SUSE CVE CVE-2020-14378 page SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 dpdk-18.11.9-3.15.1 dpdk-devel-18.11.9-3.15.1 dpdk-doc-18.11.9-3.15.1 dpdk-examples-18.11.9-3.15.1 dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 dpdk-thunderx-18.11.9-3.15.1 dpdk-thunderx-devel-18.11.9-3.15.1 dpdk-thunderx-doc-18.11.9-3.15.1 dpdk-thunderx-examples-18.11.9-3.15.1 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 dpdk-thunderx-tools-18.11.9-3.15.1 dpdk-tools-18.11.9-3.15.1 libdpdk-18_11-18.11.9-3.15.1 dpdk-18.11.9-3.15.1 as a component of SUSE Linux Enterprise Server 12 SP5 dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 as a component of SUSE Linux Enterprise Server 12 SP5 dpdk-thunderx-18.11.9-3.15.1 as a component of SUSE Linux Enterprise Server 12 SP5 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 as a component of SUSE Linux Enterprise Server 12 SP5 dpdk-tools-18.11.9-3.15.1 as a component of SUSE Linux Enterprise Server 12 SP5 libdpdk-18_11-18.11.9-3.15.1 as a component of SUSE Linux Enterprise Server 12 SP5 dpdk-18.11.9-3.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 dpdk-thunderx-18.11.9-3.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 dpdk-tools-18.11.9-3.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libdpdk-18_11-18.11.9-3.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 dpdk-devel-18.11.9-3.15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 dpdk-thunderx-devel-18.11.9-3.15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14374 SUSE Linux Enterprise Server 12 SP5:dpdk-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-thunderx-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-tools-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:libdpdk-18_11-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-thunderx-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-tools-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libdpdk-18_11-18.11.9-3.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:dpdk-devel-18.11.9-3.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:dpdk-thunderx-devel-18.11.9-3.15.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20202768-1/ https://www.suse.com/security/cve/CVE-2020-14374.html CVE-2020-14374 https://bugzilla.suse.com/1176590 SUSE Bug 1176590 A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14375 SUSE Linux Enterprise Server 12 SP5:dpdk-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-thunderx-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-tools-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:libdpdk-18_11-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-thunderx-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-tools-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libdpdk-18_11-18.11.9-3.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:dpdk-devel-18.11.9-3.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:dpdk-thunderx-devel-18.11.9-3.15.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20202768-1/ https://www.suse.com/security/cve/CVE-2020-14375.html CVE-2020-14375 https://bugzilla.suse.com/1176590 SUSE Bug 1176590 A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14376 SUSE Linux Enterprise Server 12 SP5:dpdk-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-thunderx-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-tools-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:libdpdk-18_11-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-thunderx-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-tools-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libdpdk-18_11-18.11.9-3.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:dpdk-devel-18.11.9-3.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:dpdk-thunderx-devel-18.11.9-3.15.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20202768-1/ https://www.suse.com/security/cve/CVE-2020-14376.html CVE-2020-14376 https://bugzilla.suse.com/1176590 SUSE Bug 1176590 A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability. CVE-2020-14377 SUSE Linux Enterprise Server 12 SP5:dpdk-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-thunderx-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-tools-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:libdpdk-18_11-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-thunderx-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-tools-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libdpdk-18_11-18.11.9-3.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:dpdk-devel-18.11.9-3.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:dpdk-thunderx-devel-18.11.9-3.15.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20202768-1/ https://www.suse.com/security/cve/CVE-2020-14377.html CVE-2020-14377 https://bugzilla.suse.com/1176590 SUSE Bug 1176590 An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period. CVE-2020-14378 SUSE Linux Enterprise Server 12 SP5:dpdk-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-thunderx-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server 12 SP5:dpdk-tools-18.11.9-3.15.1 SUSE Linux Enterprise Server 12 SP5:libdpdk-18_11-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-thunderx-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:dpdk-tools-18.11.9-3.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libdpdk-18_11-18.11.9-3.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:dpdk-devel-18.11.9-3.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:dpdk-thunderx-devel-18.11.9-3.15.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20202768-1/ https://www.suse.com/security/cve/CVE-2020-14378.html CVE-2020-14378 https://bugzilla.suse.com/1176590 SUSE Bug 1176590