6547 – [Anolis OS 7] Bugfix for CVE-2022-2132

Bug 6547 - [Anolis OS 7] Bugfix for CVE-2022-2132

Summary: [Anolis OS 7] Bugfix for CVE-2022-2132

Status:	NEW

Alias:	None

Product:	Anolis OS 7
Classification:	Anolis OS
Component:	BaseOS Packages (show other bugs)	BaseOS Packages
Sub Component:
Version:	7.7
Hardware:	All Linux

Importance:	P2-High S2-major
Target Milestone:	---
Assignee:	杨晓旋
QA Contact:	杨晓旋

URL:
Whiteboard:
Keywords:	CVE

Depends on:
Blocks:

Reported:	2023-09-12 11:17 UTC by 小龙
Modified:	2023-09-12 11:17 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 小龙 admin

2023-09-12 11:17:34 UTC

Description:
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

Broken commit info:

Bugfix commit info:
https://git.dpdk.org/dpdk-stable/commit/?id=8fff8520f356635f6ac3755df1d04f9f1d097968 (v20.11.6)
https://git.dpdk.org/dpdk/commit/?id=71bd0cc536ad6d84188d947d6f24c17400d8f623 (main)
https://git.dpdk.org/dpdk/commit/?id=dc1516e260a0df272b218392faf6db3cbf45e717 (main)
https://git.dpdk.org/dpdk-stable/commit/?id=089e01b375eb8e5394603308d17ee84b551ff369 (v20.11.6)
https://git.dpdk.org/dpdk-stable/commit/?id=e12d415556994d0901c317f6338ed2961185465f (v21.11.2)
https://git.dpdk.org/dpdk-stable/commit/?id=e73049ea26a588518bde750f46ac700462a598ed (v19.11.13)
https://git.dpdk.org/dpdk-stable/commit/?id=5b3c25e6ee2c68887aae166aed57d0b4af91fa60 (v19.11.13)
https://git.dpdk.org/dpdk-stable/commit/?id=f167022606b5ccca27a627ae599538ce2348ef67 (v21.11.2)