SUSE update for dpdk

Published: 2024-02-19

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2022-2132
CWE-ID	CWE-399
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software Subscribe	SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP3 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing LTSS 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Enterprise Storage Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system dpdk-thunderx-kmp-default Operating systems & Components / Operating system package or component dpdk-thunderx-tools-debuginfo Operating systems & Components / Operating system package or component dpdk-thunderx-examples Operating systems & Components / Operating system package or component dpdk-thunderx-kmp-preempt Operating systems & Components / Operating system package or component dpdk-thunderx-tools Operating systems & Components / Operating system package or component dpdk-thunderx-devel-debuginfo Operating systems & Components / Operating system package or component dpdk-thunderx-examples-debuginfo Operating systems & Components / Operating system package or component dpdk-thunderx Operating systems & Components / Operating system package or component dpdk-thunderx-kmp-preempt-debuginfo Operating systems & Components / Operating system package or component dpdk-thunderx-debugsource Operating systems & Components / Operating system package or component dpdk-thunderx-kmp-default-debuginfo Operating systems & Components / Operating system package or component dpdk-thunderx-devel Operating systems & Components / Operating system package or component dpdk-thunderx-debuginfo Operating systems & Components / Operating system package or component dpdk-kmp-preempt-debuginfo Operating systems & Components / Operating system package or component dpdk-kmp-preempt Operating systems & Components / Operating system package or component dpdk-thunderx-doc Operating systems & Components / Operating system package or component dpdk-doc Operating systems & Components / Operating system package or component libdpdk-20_0-debuginfo Operating systems & Components / Operating system package or component dpdk Operating systems & Components / Operating system package or component dpdk-examples Operating systems & Components / Operating system package or component dpdk-examples-debuginfo Operating systems & Components / Operating system package or component dpdk-tools Operating systems & Components / Operating system package or component dpdk-devel-debuginfo Operating systems & Components / Operating system package or component libdpdk-20_0 Operating systems & Components / Operating system package or component dpdk-debuginfo Operating systems & Components / Operating system package or component dpdk-debugsource Operating systems & Components / Operating system package or component dpdk-tools-debuginfo Operating systems & Components / Operating system package or component dpdk-kmp-default-debuginfo Operating systems & Components / Operating system package or component dpdk-kmp-default Operating systems & Components / Operating system package or component dpdk-devel Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Resource management error

EUVDB-ID: #VU66871

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2132

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the copy_desc_to_mbuf() function when processing Vhost header. A remote guest can send a packet with the Vhost header crossing more than two descriptors and force application to allocate all available mbufs, causing a denial of service condition for the other guest running on the hypervisor.

Mitigation

Update the affected package dpdk to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 15: SP3

SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3

SUSE Linux Enterprise Server 15: SP3

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3

SUSE Linux Enterprise High Performance Computing 15: SP3

SUSE Enterprise Storage: 7.1

openSUSE Leap: 15.3

dpdk-thunderx-kmp-default: before 19.11.4_k5.3.18_150300.59.147-150300.21.1

dpdk-thunderx-tools-debuginfo: before 19.11.4-150300.21.1

dpdk-thunderx-examples: before 19.11.4-150300.21.1

dpdk-thunderx-kmp-preempt: before 19.11.4_k5.3.18_150300.59.147-150300.21.1

dpdk-thunderx-tools: before 19.11.4-150300.21.1

dpdk-thunderx-devel-debuginfo: before 19.11.4-150300.21.1

dpdk-thunderx-examples-debuginfo: before 19.11.4-150300.21.1

dpdk-thunderx: before 19.11.4-150300.21.1

dpdk-thunderx-kmp-preempt-debuginfo: before 19.11.4_k5.3.18_150300.59.147-150300.21.1

dpdk-thunderx-debugsource: before 19.11.4-150300.21.1

dpdk-thunderx-kmp-default-debuginfo: before 19.11.4_k5.3.18_150300.59.147-150300.21.1

dpdk-thunderx-devel: before 19.11.4-150300.21.1

dpdk-thunderx-debuginfo: before 19.11.4-150300.21.1

dpdk-kmp-preempt-debuginfo: before 19.11.4_k5.3.18_150300.59.147-150300.21.1

dpdk-kmp-preempt: before 19.11.4_k5.3.18_150300.59.147-150300.21.1

dpdk-thunderx-doc: before 19.11.4-150300.21.1

dpdk-doc: before 19.11.4-150300.21.1

libdpdk-20_0-debuginfo: before 19.11.4-150300.21.1

dpdk: before 19.11.4-150300.21.1

dpdk-examples: before 19.11.4-150300.21.1

dpdk-examples-debuginfo: before 19.11.4-150300.21.1

dpdk-tools: before 19.11.4-150300.21.1

dpdk-devel-debuginfo: before 19.11.4-150300.21.1

libdpdk-20_0: before 19.11.4-150300.21.1

dpdk-debuginfo: before 19.11.4-150300.21.1

dpdk-debugsource: before 19.11.4-150300.21.1

dpdk-tools-debuginfo: before 19.11.4-150300.21.1

dpdk-kmp-default-debuginfo: before 19.11.4_k5.3.18_150300.59.147-150300.21.1

dpdk-kmp-default: before 19.11.4_k5.3.18_150300.59.147-150300.21.1

dpdk-devel: before 19.11.4-150300.21.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20240531-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.