Source: dpdk X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerabilities are fixed in DSA 5222, but filing a bug to track the fix in unstable: CVE-2022-28199[0]: | NVIDIA’s distribution of the Data Plane Development Kit | (MLNX_DPDK) contains a vulnerability in the network stack, where error | recovery is not handled properly, which can allow a remote attacker to | cause denial of service and some impact to data integrity and | confidentiality. CVE-2022-2132[1]: | A permissive list of allowed inputs flaw was found in DPDK. This issue | allows a remote attacker to cause a denial of service triggered by | sending a crafted Vhost header to DPDK. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-28199 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 [1] https://security-tracker.debian.org/tracker/CVE-2022-2132 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 Please adjust the affected versions in the BTS as needed.
