Debian DSA-5130-1: dpdk - セキュリティ更新

high Nessus プラグイン ID 160629

Language:

概要

リモートの Debian ホストにセキュリティ関連の更新プログラムがありません。

説明

リモートの Debian 11 ホストには、dsa-5130 のアドバイザリに記載された複数の脆弱性の影響を受けるパッケージがインストールされています。

- DPDK の vhost ライブラリに欠陥が見つかりました。関数 vhost_user_set_inflight_fd() は「msg-> payload.inflight.num_queues」を検証せず、領域外メモリの読み取り/書き込みを引き起こす可能性があります。この脆弱性の結果、DPDK vhost ライブラリを使用するソフトウェアがクラッシュする可能性があります。(CVE-2021-3839)

- dpdk に欠陥が見つかりました。この欠陥により、悪意のある vhost-user マスターが、予期しない数の fds を補助データとして、vhost-user スレーブによって閉じられていない VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD メッセージに添付する可能性があります。このようなメッセージを継続的に送信することにより、vhost-user マスターは vhost-user スレーブプロセスで利用可能な fd を使い果たし、サービス拒否を引き起こします。(CVE-2022-0669)

Nessus はこれらの問題をテストしておらず、代わりにアプリケーションの自己報告されたバージョン番号にのみ依存しています。

ソリューション

dpdk パッケージをアップグレードしてください。

安定版 (stable) ディストリビューション (bullseye) では、これらの問題はバージョン 20.11.5-1~deb11u1 で修正されています。

参考資料

https://security-tracker.debian.org/tracker/source-package/dpdk

https://www.debian.org/security/2022/dsa-5130

https://security-tracker.debian.org/tracker/CVE-2021-3839

https://security-tracker.debian.org/tracker/CVE-2022-0669

https://packages.debian.org/source/bullseye/dpdk

プラグインの詳細

深刻度: High

ID: 160629

ファイル名: debian_DSA-5130.nasl

バージョン: 1.5

タイプ: local

エージェント: unix

ファミリー: Debian Local Security Checks

公開日: 2022/5/5

更新日: 2023/3/21

サポートされているセンサー: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

リスク情報

VPR

リスクファクター: Medium

スコア: 4.4

CVSS v2

リスクファクター: High

基本値: 7.8

現状値: 5.8

ベクトル: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS スコアのソース: CVE-2021-3839

CVSS v3

リスクファクター: High

基本値: 7.5

現状値: 6.5

ベクトル: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

現状ベクトル: CVSS:3.0/E:U/RL:O/RC:C

脆弱性情報

CPE: p-cpe:/a:debian:debian_linux:dpdk, p-cpe:/a:debian:debian_linux:dpdk-dev, p-cpe:/a:debian:debian_linux:dpdk-doc, p-cpe:/a:debian:debian_linux:libdpdk-dev, p-cpe:/a:debian:debian_linux:librte-acl21, p-cpe:/a:debian:debian_linux:librte-baseband-acc100-21, p-cpe:/a:debian:debian_linux:librte-baseband-fpga-5gnr-fec21, p-cpe:/a:debian:debian_linux:librte-baseband-fpga-lte-fec21, p-cpe:/a:debian:debian_linux:librte-baseband-null21, p-cpe:/a:debian:debian_linux:librte-baseband-turbo-sw21, p-cpe:/a:debian:debian_linux:librte-bbdev21, p-cpe:/a:debian:debian_linux:librte-bitratestats21, p-cpe:/a:debian:debian_linux:librte-bpf21, p-cpe:/a:debian:debian_linux:librte-bus-dpaa21, p-cpe:/a:debian:debian_linux:librte-bus-fslmc21, p-cpe:/a:debian:debian_linux:librte-bus-ifpga21, p-cpe:/a:debian:debian_linux:librte-bus-pci21, p-cpe:/a:debian:debian_linux:librte-bus-vdev21, p-cpe:/a:debian:debian_linux:librte-bus-vmbus21, p-cpe:/a:debian:debian_linux:librte-compressdev21, p-cpe:/a:debian:debian_linux:librte-crypto-aesni-gcm21, p-cpe:/a:debian:debian_linux:librte-crypto-aesni-mb21, p-cpe:/a:debian:debian_linux:librte-crypto-bcmfs21, p-cpe:/a:debian:debian_linux:librte-crypto-caam-jr21, p-cpe:/a:debian:debian_linux:librte-crypto-ccp21, p-cpe:/a:debian:debian_linux:librte-cfgfile21, p-cpe:/a:debian:debian_linux:librte-cmdline21, p-cpe:/a:debian:debian_linux:librte-common-cpt21, p-cpe:/a:debian:debian_linux:librte-common-dpaax21, p-cpe:/a:debian:debian_linux:librte-common-iavf21, p-cpe:/a:debian:debian_linux:librte-common-mlx5-21, p-cpe:/a:debian:debian_linux:librte-common-octeontx2-21, p-cpe:/a:debian:debian_linux:librte-common-octeontx21, p-cpe:/a:debian:debian_linux:librte-common-qat21, p-cpe:/a:debian:debian_linux:librte-common-sfc-efx21, p-cpe:/a:debian:debian_linux:librte-compress-isal21, p-cpe:/a:debian:debian_linux:librte-compress-octeontx21, p-cpe:/a:debian:debian_linux:librte-compress-zlib21, p-cpe:/a:debian:debian_linux:librte-net-enic21, p-cpe:/a:debian:debian_linux:librte-net-failsafe21, p-cpe:/a:debian:debian_linux:librte-net-fm10k21, p-cpe:/a:debian:debian_linux:librte-net-hinic21, p-cpe:/a:debian:debian_linux:librte-net-hns3-21, p-cpe:/a:debian:debian_linux:librte-net-i40e21, p-cpe:/a:debian:debian_linux:librte-net-iavf21, p-cpe:/a:debian:debian_linux:librte-net-ice21, p-cpe:/a:debian:debian_linux:librte-net-igc21, p-cpe:/a:debian:debian_linux:librte-net-ipn3ke21, p-cpe:/a:debian:debian_linux:librte-net-ixgbe21, p-cpe:/a:debian:debian_linux:librte-crypto-dpaa-sec21, p-cpe:/a:debian:debian_linux:librte-crypto-dpaa2-sec21, p-cpe:/a:debian:debian_linux:librte-crypto-kasumi21, p-cpe:/a:debian:debian_linux:librte-crypto-nitrox21, p-cpe:/a:debian:debian_linux:librte-crypto-null21, p-cpe:/a:debian:debian_linux:librte-crypto-octeontx2-21, p-cpe:/a:debian:debian_linux:librte-crypto-octeontx21, p-cpe:/a:debian:debian_linux:librte-crypto-openssl21, p-cpe:/a:debian:debian_linux:librte-crypto-scheduler21, p-cpe:/a:debian:debian_linux:librte-crypto-snow3g21, p-cpe:/a:debian:debian_linux:librte-crypto-virtio21, p-cpe:/a:debian:debian_linux:librte-crypto-zuc21, p-cpe:/a:debian:debian_linux:librte-cryptodev21, p-cpe:/a:debian:debian_linux:librte-distributor21, p-cpe:/a:debian:debian_linux:librte-eal21, p-cpe:/a:debian:debian_linux:librte-efd21, p-cpe:/a:debian:debian_linux:librte-ethdev21, p-cpe:/a:debian:debian_linux:librte-event-dlb2-21, p-cpe:/a:debian:debian_linux:librte-event-dlb21, p-cpe:/a:debian:debian_linux:librte-event-dpaa2-21, p-cpe:/a:debian:debian_linux:librte-event-dpaa21, p-cpe:/a:debian:debian_linux:librte-event-dsw21, p-cpe:/a:debian:debian_linux:librte-event-octeontx2-21, p-cpe:/a:debian:debian_linux:librte-event-octeontx21, p-cpe:/a:debian:debian_linux:librte-event-opdl21, p-cpe:/a:debian:debian_linux:librte-event-skeleton21, p-cpe:/a:debian:debian_linux:librte-event-sw21, p-cpe:/a:debian:debian_linux:librte-eventdev21, p-cpe:/a:debian:debian_linux:librte-fib21, p-cpe:/a:debian:debian_linux:librte-flow-classify21, p-cpe:/a:debian:debian_linux:librte-graph21, p-cpe:/a:debian:debian_linux:librte-gro21, p-cpe:/a:debian:debian_linux:librte-gso21, p-cpe:/a:debian:debian_linux:librte-hash21, p-cpe:/a:debian:debian_linux:librte-ip-frag21, p-cpe:/a:debian:debian_linux:librte-ipsec21, p-cpe:/a:debian:debian_linux:librte-jobstats21, p-cpe:/a:debian:debian_linux:librte-kni21, p-cpe:/a:debian:debian_linux:librte-kvargs21, p-cpe:/a:debian:debian_linux:librte-latencystats21, p-cpe:/a:debian:debian_linux:librte-lpm21, p-cpe:/a:debian:debian_linux:librte-mbuf21, p-cpe:/a:debian:debian_linux:librte-member21, p-cpe:/a:debian:debian_linux:librte-mempool-bucket21, p-cpe:/a:debian:debian_linux:librte-mempool-dpaa2-21, p-cpe:/a:debian:debian_linux:librte-mempool-dpaa21, p-cpe:/a:debian:debian_linux:librte-mempool-octeontx2-21, p-cpe:/a:debian:debian_linux:librte-mempool-octeontx21, p-cpe:/a:debian:debian_linux:librte-mempool-ring21, p-cpe:/a:debian:debian_linux:librte-mempool-stack21, p-cpe:/a:debian:debian_linux:librte-mempool21, p-cpe:/a:debian:debian_linux:librte-meta-all, p-cpe:/a:debian:debian_linux:librte-meta-allpmds, p-cpe:/a:debian:debian_linux:librte-meta-baseband, p-cpe:/a:debian:debian_linux:librte-meta-bus, p-cpe:/a:debian:debian_linux:librte-meta-compress, p-cpe:/a:debian:debian_linux:librte-meta-crypto, p-cpe:/a:debian:debian_linux:librte-meta-event, p-cpe:/a:debian:debian_linux:librte-meta-mempool, p-cpe:/a:debian:debian_linux:librte-meta-net, p-cpe:/a:debian:debian_linux:librte-meta-raw, p-cpe:/a:debian:debian_linux:librte-meter21, p-cpe:/a:debian:debian_linux:librte-metrics21, p-cpe:/a:debian:debian_linux:librte-net-af-packet21, p-cpe:/a:debian:debian_linux:librte-net-af-xdp21, p-cpe:/a:debian:debian_linux:librte-net-ark21, p-cpe:/a:debian:debian_linux:librte-net-atlantic21, p-cpe:/a:debian:debian_linux:librte-net-avp21, p-cpe:/a:debian:debian_linux:librte-net-axgbe21, p-cpe:/a:debian:debian_linux:librte-net-bnx2x21, p-cpe:/a:debian:debian_linux:librte-net-bnxt21, p-cpe:/a:debian:debian_linux:librte-net-bond21, p-cpe:/a:debian:debian_linux:librte-net-cxgbe21, p-cpe:/a:debian:debian_linux:librte-net-dpaa2-21, p-cpe:/a:debian:debian_linux:librte-net-dpaa21, p-cpe:/a:debian:debian_linux:librte-net-e1000-21, p-cpe:/a:debian:debian_linux:librte-net-ena21, p-cpe:/a:debian:debian_linux:librte-net-enetc21, p-cpe:/a:debian:debian_linux:librte-raw-ntb21, p-cpe:/a:debian:debian_linux:librte-raw-octeontx2-dma21, p-cpe:/a:debian:debian_linux:librte-raw-octeontx2-ep21, p-cpe:/a:debian:debian_linux:librte-raw-skeleton21, p-cpe:/a:debian:debian_linux:librte-rawdev21, p-cpe:/a:debian:debian_linux:librte-rcu21, p-cpe:/a:debian:debian_linux:librte-regex-mlx5-21, p-cpe:/a:debian:debian_linux:librte-regex-octeontx2-21, p-cpe:/a:debian:debian_linux:librte-regexdev21, p-cpe:/a:debian:debian_linux:librte-reorder21, p-cpe:/a:debian:debian_linux:librte-rib21, p-cpe:/a:debian:debian_linux:librte-ring21, p-cpe:/a:debian:debian_linux:librte-sched21, p-cpe:/a:debian:debian_linux:librte-security21, p-cpe:/a:debian:debian_linux:librte-net-kni21, p-cpe:/a:debian:debian_linux:librte-net-liquidio21, p-cpe:/a:debian:debian_linux:librte-net-memif21, p-cpe:/a:debian:debian_linux:librte-net-mlx4-21, p-cpe:/a:debian:debian_linux:librte-net-mlx5-21, p-cpe:/a:debian:debian_linux:librte-net-netvsc21, p-cpe:/a:debian:debian_linux:librte-net-nfp21, p-cpe:/a:debian:debian_linux:librte-net-null21, p-cpe:/a:debian:debian_linux:librte-net-octeontx2-21, p-cpe:/a:debian:debian_linux:librte-net-octeontx21, p-cpe:/a:debian:debian_linux:librte-net-pcap21, p-cpe:/a:debian:debian_linux:librte-net-pfe21, p-cpe:/a:debian:debian_linux:librte-net-qede21, p-cpe:/a:debian:debian_linux:librte-net-ring21, p-cpe:/a:debian:debian_linux:librte-net-sfc21, p-cpe:/a:debian:debian_linux:librte-net-softnic21, p-cpe:/a:debian:debian_linux:librte-net-tap21, p-cpe:/a:debian:debian_linux:librte-net-thunderx21, p-cpe:/a:debian:debian_linux:librte-net-txgbe21, p-cpe:/a:debian:debian_linux:librte-net-vdev-netvsc21, p-cpe:/a:debian:debian_linux:librte-net-vhost21, p-cpe:/a:debian:debian_linux:librte-net-virtio21, p-cpe:/a:debian:debian_linux:librte-net-vmxnet3-21, p-cpe:/a:debian:debian_linux:librte-net21, p-cpe:/a:debian:debian_linux:librte-node21, p-cpe:/a:debian:debian_linux:librte-pci21, p-cpe:/a:debian:debian_linux:librte-pdump21, p-cpe:/a:debian:debian_linux:librte-pipeline21, p-cpe:/a:debian:debian_linux:librte-port21, p-cpe:/a:debian:debian_linux:librte-power21, p-cpe:/a:debian:debian_linux:librte-raw-dpaa2-cmdif21, p-cpe:/a:debian:debian_linux:librte-raw-dpaa2-qdma21, p-cpe:/a:debian:debian_linux:librte-raw-ifpga21, p-cpe:/a:debian:debian_linux:librte-raw-ioat21, p-cpe:/a:debian:debian_linux:librte-stack21, p-cpe:/a:debian:debian_linux:librte-table21, p-cpe:/a:debian:debian_linux:librte-telemetry21, p-cpe:/a:debian:debian_linux:librte-timer21, p-cpe:/a:debian:debian_linux:librte-vdpa-ifc21, p-cpe:/a:debian:debian_linux:librte-vdpa-mlx5-21, p-cpe:/a:debian:debian_linux:librte-vhost21, cpe:/o:debian:debian_linux:11.0

必要な KB アイテム: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

エクスプロイトの容易さ: No known exploits are available

パッチ公開日: 2022/5/5

脆弱性公開日: 2022/5/5

参照情報

CVE: CVE-2021-3839, CVE-2022-0669