mirror of
git://git.yoctoproject.org/meta-dpdk.git
synced 2025-07-05 05:04:45 +02:00
dpdk: fix CVE-2024-11614
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset. Reference: https://security-tracker.debian.org/tracker/CVE-2024-11614 Upstream-patch: https://git.dpdk.org/dpdk/commit/?id=4dc4e33ffa108e945fc8a1e2bbc7819791faa61e Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This commit is contained in:
Divya Chellam
Anuj Mittal
parent
e83a76ee92
commit
2b03da4eba
44
recipes-extended/dpdk/dpdk/CVE-2024-11614.patch
Normal file
44
recipes-extended/dpdk/dpdk/CVE-2024-11614.patch
Normal file
|
|
@ -0,0 +1,44 @@
|
||||||
|
From 4dc4e33ffa108e945fc8a1e2bbc7819791faa61e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Olivier Matz <olivier.matz@6wind.com>
|
||||||
|
Date: Thu, 28 Nov 2024 12:09:56 +0100
|
||||||
|
Subject: [PATCH] net/virtio: fix Rx checksum calculation
|
||||||
|
|
||||||
|
If hdr->csum_start is larger than packet length, the len argument passed
|
||||||
|
to rte_raw_cksum_mbuf() overflows and causes a segmentation fault.
|
||||||
|
|
||||||
|
Ignore checksum computation in this case.
|
||||||
|
|
||||||
|
CVE-2024-11614
|
||||||
|
|
||||||
|
Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path")
|
||||||
|
|
||||||
|
Signed-off-by: Maxime Gouin <maxime.gouin@6wind.com>
|
||||||
|
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
|
||||||
|
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
|
||||||
|
|
||||||
|
CVE: CVE-2024-11614
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://git.dpdk.org/dpdk/commit/?id=4dc4e33ffa108e945fc8a1e2bbc7819791faa61e]
|
||||||
|
|
||||||
|
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
|
||||||
|
---
|
||||||
|
lib/vhost/virtio_net.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
|
||||||
|
index 895a79cf51..058b5842f2 100644
|
||||||
|
--- a/lib/vhost/virtio_net.c
|
||||||
|
+++ b/lib/vhost/virtio_net.c
|
||||||
|
@@ -2831,6 +2831,9 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr,
|
||||||
|
*/
|
||||||
|
uint16_t csum = 0, off;
|
||||||
|
|
||||||
|
+ if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
if (rte_raw_cksum_mbuf(m, hdr->csum_start,
|
||||||
|
rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0)
|
||||||
|
return;
|
||||||
|
--
|
||||||
|
2.40.0
|
||||||
|
|
||||||
|
|
@ -1,6 +1,8 @@
|
||||||
include dpdk.inc
|
include dpdk.inc
|
||||||
|
|
||||||
SRC_URI += " file://0001-config-meson-get-cpu_instruction_set-from-meson-opti.patch "
|
SRC_URI += " file://0001-config-meson-get-cpu_instruction_set-from-meson-opti.patch \
|
||||||
|
file://CVE-2024-11614.patch \
|
||||||
|
"
|
||||||
|
|
||||||
STABLE = "-stable"
|
STABLE = "-stable"
|
||||||
BRANCH = "23.11"
|
BRANCH = "23.11"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user