CVE-2022-28199: Input Validation
First published: Tue Aug 30 2022(Updated: )
A vulnerability was fixed in DPDK. When having a failure with the mlx5 driver, the error recovery was not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. Commits per branch: main - <a href="https://git.dpdk.org/dpdk/commit/?id=60b254e392">https://git.dpdk.org/dpdk/commit/?id=60b254e392</a> 21.11 - <a href="https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd323">https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd323</a> 20.11 - <a href="https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d2">https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d2</a> 19.11 - <a href="https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664">https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664</a> LTS Releases: 21.11 - <a href="http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz">http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz</a> 20.11 - <a href="http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz">http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz</a> 19.11 - <a href="http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz">http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz</a>
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nvidia Data Plane Development Kit | >=19.11_1.0.0<20.11_5.0.0 | |
| Linux Linux kernel | ||
| Microsoft Windows | ||
| redhat/openvswitch2.13 | <0:2.13.0-193.3.el8fd | 0:2.13.0-193.3.el8fd |
| redhat/openvswitch2.17 | <0:2.17.0-37.4.el8fd | 0:2.17.0-37.4.el8fd |
| redhat/openvswitch2.15 | <0:2.15.0-113.3.el8fd | 0:2.15.0-113.3.el8fd |
| redhat/openvswitch2.16 | <0:2.16.0-89.3.el8fd | 0:2.16.0-89.3.el8fd |
| redhat/openvswitch2.17 | <0:2.17.0-32.4.el9fd | 0:2.17.0-32.4.el9fd |
| redhat/dpdk | <2:21.11.2-1.el9_1 | 2:21.11.2-1.el9_1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2022/09/06/2
- https://nvidia.custhelp.com/app/answers/detail/a_id/5389
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlx5-jbPCrqD8
- https://git.dpdk.org/dpdk/commit/?id=60b254e392
- https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd323
- https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d2
- https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664
- http://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
- http://fast.dpdk.org/rel/dpdk-20.11.6.tar.xz
- http://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2123550
- https://access.redhat.com/errata/RHSA-2022:6503
- https://access.redhat.com/errata/RHSA-2022:6502
- https://access.redhat.com/errata/RHSA-2022:6504
- https://access.redhat.com/errata/RHSA-2022:6505
- https://access.redhat.com/errata/RHSA-2022:6506
- https://docs.google.com/spreadsheets/d/1U9nZRcgzXTd1kLuP2GgTGM2DaaJ-6jlYT2UYvX8Gb9g/edit#gid=398691140
- https://access.redhat.com/errata/RHSA-2022:8263
- https://access.redhat.com/security/cve/cve-2022-28199
- https://bugzilla.redhat.com/show_bug.cgi?id=2123549
- https://www.cve.org/CVERecord?id=CVE-2022-28199 https://nvd.nist.gov/vuln/detail/CVE-2022-28199
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- agent/references
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-28199
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/trending
- package-manager/redhat
- vendor/nvidia
- canonical/nvidia data plane development kit
- version/nvidia data plane development kit/19.11_1.0.0
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows