A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
Weakness
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Data_plane_development_kit | Dpdk | 16.04 (including) | 16.11.10 (excluding) |
| Data_plane_development_kit | Dpdk | 17.02 (including) | 17.11.8 (excluding) |
| Data_plane_development_kit | Dpdk | 18.02 (including) | 18.11.4 (excluding) |
| Data_plane_development_kit | Dpdk | 19.02 (including) | 19.08.1 (excluding) |
| Fast Datapath for Red Hat Enterprise Linux 7 | RedHat | openvswitch-0:2.9.0-124.el7fdp | * |
| Fast Datapath for Red Hat Enterprise Linux 7 | RedHat | openvswitch2.11-0:2.11.0-35.el7fdp | * |
| Fast Datapath for Red Hat Enterprise Linux 7 | RedHat | openvswitch2.12-0:2.12.0-12.el7fdp | * |
| Fast Datapath for Red Hat Enterprise Linux 8 | RedHat | openvswitch2.11-0:2.11.0-35.el8fdp | * |
| Fast Datapath for Red Hat Enterprise Linux 8 | RedHat | openvswitch2.12-0:2.12.0-12.el8fdp | * |
| Red Hat Enterprise Linux 7 Extras | RedHat | dpdk-0:18.11.5-1.el7_8 | * |
| Red Hat Enterprise Linux 8 | RedHat | dpdk-0:19.11-4.el8 | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | ansible-role-redhat-subscription-0:1.0.4-2.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | openstack-manila-1:6.3.2-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | openstack-octavia-ui-0:1.0.2-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | openstack-tempest-1:18.0.0-13.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | openvswitch2.11-0:2.11.0-35.el7fdp | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-barbican-tests-tempest-0:0.1.0-0.20180828144800.b8bf147.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-hardware-0:0.23.0-0.20200117070144.59211cc.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-keystoneauth1-0:3.4.1-2.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-keystonemiddleware-0:4.22.0-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-neutron-lib-0:1.13.0-2.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-novajoin-0:1.3.0-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-octavia-tests-tempest-0:1.1.0-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-openstackclient-0:3.14.3-5.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-openstacksdk-0:0.11.4-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-os-testr-0:1.0.1-0.20200218144109.7dd678e.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-os-vif-0:1.9.2-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-ovsdbapp-0:0.10.4-2.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-tempestconf-0:2.4.0-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | rabbitmq-server-0:3.6.15-6.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | rhosp-release-0:13.0.11-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | ansible-role-redhat-subscription-0:1.0.4-2.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | openstack-manila-1:6.3.2-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | openstack-octavia-ui-0:1.0.2-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | openstack-tempest-1:18.0.0-13.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-barbican-tests-tempest-0:0.1.0-0.20180828144800.b8bf147.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-hardware-0:0.23.0-0.20200117070144.59211cc.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-keystoneauth1-0:3.4.1-2.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-keystonemiddleware-0:4.22.0-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-neutron-lib-0:1.13.0-2.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-novajoin-0:1.3.0-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-octavia-tests-tempest-0:1.1.0-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-openstackclient-0:3.14.3-5.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-openstacksdk-0:0.11.4-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-os-testr-0:1.0.1-0.20200218144109.7dd678e.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-os-vif-0:1.9.2-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-ovsdbapp-0:0.10.4-2.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-tempestconf-0:2.4.0-1.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | rabbitmq-server-0:3.6.15-6.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | rhosp-release-0:13.0.11-1.el7ost | * |
| Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS | RedHat | openvswitch-0:2.9.0-124.el7fdp | * |
| Dpdk | Ubuntu | bionic | * |
| Dpdk | Ubuntu | disco | * |
| Dpdk | Ubuntu | eoan | * |
| Dpdk | Ubuntu | esm-infra/bionic | * |
| Dpdk | Ubuntu | esm-infra/xenial | * |
| Dpdk | Ubuntu | trusty | * |
| Dpdk | Ubuntu | xenial | * |
Potential Mitigations
- Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
- For example, glibc in Linux provides protection against free of invalid pointers.
- When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
- To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
References
- https://access.redhat.com/errata/RHSA-2020:0165
- https://access.redhat.com/errata/RHSA-2020:0166
- https://access.redhat.com/errata/RHSA-2020:0168
- https://access.redhat.com/errata/RHSA-2020:0171
- https://access.redhat.com/errata/RHSA-2020:0172
- https://bugs.dpdk.org/show_bug.cgi?id=363
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/
- https://access.redhat.com/errata/RHSA-2020:0165
- https://access.redhat.com/errata/RHSA-2020:0166
- https://access.redhat.com/errata/RHSA-2020:0168
- https://access.redhat.com/errata/RHSA-2020:0171
- https://access.redhat.com/errata/RHSA-2020:0172
- https://bugs.dpdk.org/show_bug.cgi?id=363
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/