Backport dpdk as MRE for bionic, focal, impish, jammy (September)

Bug #1975764 reported by Bryce Harrington
Affects          Status         Importance   Assigned to            Milestone
dpdk (Ubuntu)    Fix Released   Undecided    Christian Ehrhardt
Bionic           Fix Released   Undecided    Ubuntu Security Team
Focal            Fix Released   Undecided    Christian Ehrhardt
Jammy            Fix Released   Undecided    Christian Ehrhardt
Kinetic          Fix Released   Undecided    Christian Ehrhardt

Bug Description

Backport dpdk as MRE for bionic, focal, impish, jammy

CVE References

Bryce Harrington (bryce)
Changed in dpdk (Ubuntu):
milestone: none → ubuntu-22.09
Bryce Harrington (bryce)
summary: - Backport dpdk as MRE for bionic, focal, impish, jammy
+ Backport dpdk as MRE for bionic, focal, impish, jammy (September)
Christian Ehrhardt  (paelzer) wrote :

There is no new version for 17.11.x anymore - so Bionic is up to the security team to consider for https://ubuntu.com/security/CVE-2022-2132

The work on the rest is started

Changed in dpdk (Ubuntu Bionic):
status: New → Confirmed
assignee: nobody → Ubuntu Security Team (ubuntu-security)
no longer affects: dpdk (Ubuntu Impish)
Christian Ehrhardt  (paelzer) wrote :

CVE references: https://bugs.dpdk.org/show_bug.cgi?id=1031

Upstream released 21.11.2 and 19.11.13 which we will prepare as updates for F/J/K

Changed in dpdk (Ubuntu Focal):
status: New → In Progress
Changed in dpdk (Ubuntu Jammy):
status: New → In Progress
Changed in dpdk (Ubuntu Kinetic):
status: New → In Progress
Changed in dpdk (Ubuntu Focal):
assignee: nobody → Christian Ehrhardt  (paelzer)
Changed in dpdk (Ubuntu Kinetic):
assignee: nobody → Christian Ehrhardt  (paelzer)
Changed in dpdk (Ubuntu Jammy):
assignee: nobody → Christian Ehrhardt  (paelzer)
tags: added: server-todo
Christian Ehrhardt  (paelzer) wrote :

Security backport for Bionic (17.11) is in https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa (thanks leosilvab).
I'll try to test that as well, but these things take a while ...

So far tests (on jammy) are ok.

Christian Ehrhardt  (paelzer) wrote :

Jammy tests completed and good (Kinetic is the same).
Re-deploying older releases as time permits to check B/F.

Christian Ehrhardt  (paelzer) wrote :

Bionic worked for the features that existed back then (no vhost user client yet in the older tests as it was too new).

Christian Ehrhardt  (paelzer) wrote :

And finally also Focal completed all tests with the new build

Christian Ehrhardt  (paelzer) wrote :

Uploaded to Kinetic, mdeslaur will take care of the security updates to older releases.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dpdk - 21.11.2-0ubuntu1

---------------
dpdk (21.11.2-0ubuntu1) kinetic; urgency=medium

  * Merge LTS stable release 21.11.2 (LP: #1975764)
    - Among many general fixes this addresses two CVEs:
      + vhost: DoS triggered by sending a crafted Vhost header (CVE-2022-2132)
      + net/mlx5: bad error recovery can lead to DoS (CVE-2022-28199)
    - Full release notes are available at:
      https://doc.dpdk.org/guides-21.11/rel_notes/release_21_11.html#id1

 -- Christian Ehrhardt <email address hidden> Thu, 08 Sep 2022 10:18:45 +0200

Changed in dpdk (Ubuntu Kinetic):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dpdk - 17.11.10-0ubuntu0.2

---------------
dpdk (17.11.10-0ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-2132-*.patch: discard too small descriptor
      chains and fix header spanned across more than two descriptors, use
      buffer vectors in dequeue path in lib/librte_vhost/vhost.h,
      lib/librte_vhost/virtio_net.c. (LP: #1975764)
    - CVE-2022-2132

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 08 Sep 2022 12:48:45 -0300

Changed in dpdk (Ubuntu Bionic):
status: Confirmed → Fix Released
Marc Deslauriers (mdeslaur) wrote :
Changed in dpdk (Ubuntu Focal):
status: In Progress → Fix Released
Changed in dpdk (Ubuntu Jammy):
status: In Progress → Fix Released