Bug 2377 - [Anolis OS 7] Bugfix for CVE-2022-2132
Summary: [Anolis OS 7] Bugfix for CVE-2022-2132
Status: RESOLVED WONTFIX
Alias: None
Product: Anolis OS 7
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: 7.7
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: 杨晓旋
QA Contact: 杨晓旋
URL:
Whiteboard:
Keywords: CVE
Depends on:
Blocks:
 
Reported: 2022-10-13 13:06 UTC by 小龙
Modified: 2022-11-01 11:01 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description 小龙 admin 2022-10-13 13:06:23 UTC 
CVSS: 8.6
Severity: Important
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

BugFix: 
Source: ubuntu
Fix patch: https://git.dpdk.org/dpdk/commit/?id=71bd0cc536ad6d84188d947d6f24c17400d8f623 (main)
Source: ubuntu
Fix patch: https://git.dpdk.org/dpdk/commit/?id=dc1516e260a0df272b218392faf6db3cbf45e717 (main)
Source: ubuntu
Fix patch: https://git.dpdk.org/dpdk-stable/commit/?id=f167022606b5ccca27a627ae599538ce2348ef67 (v21.11.2)
Source: ubuntu
Fix patch: https://git.dpdk.org/dpdk-stable/commit/?id=e12d415556994d0901c317f6338ed2961185465f (v21.11.2)
Source: ubuntu
Fix patch: https://git.dpdk.org/dpdk-stable/commit/?id=8fff8520f356635f6ac3755df1d04f9f1d097968 (v20.11.6)
Source: ubuntu
Fix patch: https://git.dpdk.org/dpdk-stable/commit/?id=089e01b375eb8e5394603308d17ee84b551ff369 (v20.11.6)
Source: ubuntu
Fix patch: https://git.dpdk.org/dpdk-stable/commit/?id=5b3c25e6ee2c68887aae166aed57d0b4af91fa60 (v19.11.13)
Source: ubuntu
Fix patch: https://git.dpdk.org/dpdk-stable/commit/?id=e73049ea26a588518bde750f46ac700462a598ed (v19.11.13)
Comment 1 Shiloong admin 2022-11-01 11:01:00 UTC 
In case of DPDK was used by re-developed with customer's application, from the upstream directly.