From the reporter: Hello, While reviewing the vhost library code, we identified an issue in the handling of vhost-user inflight type messages. A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master could exhaust available fds in the vhost-user slave process and lead to a DoS. The problem was introduced with commit d87f1a1cb7b6 ("vhost: support inflight info sharing") and affects versions since v19.11. This is similar to CVE-2019-14818 that was fixed in bf472259dde6 ("vhost: fix possible denial of service by leaking FDs"). You can find attached a proposal for a fix.
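The defensive pattern the report points at, as an added sketch that is neither DPDK's code nor the attached fix: a handler that checks how many fds arrived with a message and closes all of them when the count is unexpected. The `struct msg` layout, the request ids, `MAX_MSG_FDS` and the per-request fd counts are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define MAX_MSG_FDS 8 /* hypothetical cap on fds per message */
enum { REQ_GET_INFLIGHT_FD = 1, REQ_SET_INFLIGHT_FD = 2 }; /* hypothetical ids */

/* Simplified message: fds[] holds descriptors received as ancillary data. */
struct msg {
    int request;
    int fds[MAX_MSG_FDS];
    int fd_num;
};

int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Close every attached fd so a rejected message cannot leak descriptors. */
static void close_msg_fds(struct msg *m)
{
    for (int i = 0; i < m->fd_num && i < MAX_MSG_FDS; i++) {
        if (m->fds[i] >= 0)
            close(m->fds[i]);
        m->fds[i] = -1;
    }
    m->fd_num = 0;
}

/* Returns 0 and hands over the expected fd (if any); otherwise closes all
 * attached fds and returns -1. Assumed counts: SET carries 1 fd, others 0. */
int handle_msg(struct msg *m, int *owned_fd)
{
    int want = m->request == REQ_SET_INFLIGHT_FD ? 1 : 0;
    *owned_fd = -1;
    if (m->fd_num != want) {
        close_msg_fds(m);
        return -1;
    }
    if (want == 1)
        *owned_fd = m->fds[0];
    return 0;
}

int main(void)
{
    int p[2], owned;
    if (pipe(p) != 0)
        return 1;
    /* Constructed input: a GET request carrying two unexpected fds. */
    struct msg m = { REQ_GET_INFLIGHT_FD, { p[0], p[1] }, 2 };
    int rc = handle_msg(&m, &owned);
    printf("rc=%d open=%d,%d\n", rc, fd_is_open(p[0]), fd_is_open(p[1]));
    return 0;
}
```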
Maxime confirmed the issue. Requesting the CVE number for it.
Got the CVE number: CVE-2022-0669. I will proceed. Thanks.
Created attachment 190: Proposed fix rebased on 02/18 main repository.
Targeting dpdk 22.03 release.
@David, Hi David, could you please tell me how you would like to be acknowledged on the CVE page?
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> I'm preparing the backports which will also include Bug 657.
Decided to change the embargo date to April 29th. And I have sent out the request for changing the embargo date to April 29th, no reply for now.
Confirmed from RedHat product security team about the new disclosure date.
Hi, We need to continue the process since the disclosure date is coming.
Pre-release email sent. Thanks.
Release email sent. Thanks.
This issue has been fixed and made public. Thanks.