{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"dpdk security update", "category":"general", "title":"Synopsis" }, { "text":"An update for dpdk is now available for openEuler-24.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"The Data Plane Development Kit is a set of libraries and drivers for fast packet processing in the user space.\n\nSecurity Fix(es):\n\nAn out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.(CVE-2024-11614)", "category":"general", "title":"Description" }, { "text":"An update for dpdk is now available for openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"dpdk", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1029", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1029" }, { "summary":"CVE-2024-11614", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-11614&packageName=dpdk" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-11614" }, { "summary":"openEuler-SA-2025-1029 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1029.json" } ], "title":"An update for dpdk is now available for openEuler-24.03-LTS-SP1", "tracking":{ "initial_release_date":"2025-01-10T21:10:48+08:00", "revision_history":[ { "date":"2025-01-10T21:10:48+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-01-10T21:10:48+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-01-10T21:10:48+08:00", "id":"openEuler-SA-2025-1029", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"dpdk-23.11-26.oe2403sp1.aarch64.rpm", "name":"dpdk-23.11-26.oe2403sp1.aarch64.rpm" }, "name":"dpdk-23.11-26.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"dpdk-debuginfo-23.11-26.oe2403sp1.aarch64.rpm", "name":"dpdk-debuginfo-23.11-26.oe2403sp1.aarch64.rpm" }, "name":"dpdk-debuginfo-23.11-26.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"dpdk-debugsource-23.11-26.oe2403sp1.aarch64.rpm", "name":"dpdk-debugsource-23.11-26.oe2403sp1.aarch64.rpm" }, "name":"dpdk-debugsource-23.11-26.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"dpdk-devel-23.11-26.oe2403sp1.aarch64.rpm", "name":"dpdk-devel-23.11-26.oe2403sp1.aarch64.rpm" }, "name":"dpdk-devel-23.11-26.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"dpdk-tools-23.11-26.oe2403sp1.aarch64.rpm", "name":"dpdk-tools-23.11-26.oe2403sp1.aarch64.rpm" }, "name":"dpdk-tools-23.11-26.oe2403sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"dpdk-23.11-26.oe2403sp1.src.rpm", "name":"dpdk-23.11-26.oe2403sp1.src.rpm" }, "name":"dpdk-23.11-26.oe2403sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"dpdk-23.11-26.oe2403sp1.x86_64.rpm", "name":"dpdk-23.11-26.oe2403sp1.x86_64.rpm" }, "name":"dpdk-23.11-26.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"dpdk-debuginfo-23.11-26.oe2403sp1.x86_64.rpm", "name":"dpdk-debuginfo-23.11-26.oe2403sp1.x86_64.rpm" }, "name":"dpdk-debuginfo-23.11-26.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"dpdk-debugsource-23.11-26.oe2403sp1.x86_64.rpm", "name":"dpdk-debugsource-23.11-26.oe2403sp1.x86_64.rpm" }, "name":"dpdk-debugsource-23.11-26.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"dpdk-devel-23.11-26.oe2403sp1.x86_64.rpm", "name":"dpdk-devel-23.11-26.oe2403sp1.x86_64.rpm" }, "name":"dpdk-devel-23.11-26.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"dpdk-tools-23.11-26.oe2403sp1.x86_64.rpm", "name":"dpdk-tools-23.11-26.oe2403sp1.x86_64.rpm" }, "name":"dpdk-tools-23.11-26.oe2403sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"dpdk-23.11-26.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:dpdk-23.11-26.oe2403sp1.aarch64", "name":"dpdk-23.11-26.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"dpdk-debuginfo-23.11-26.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:dpdk-debuginfo-23.11-26.oe2403sp1.aarch64", "name":"dpdk-debuginfo-23.11-26.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"dpdk-debugsource-23.11-26.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:dpdk-debugsource-23.11-26.oe2403sp1.aarch64", "name":"dpdk-debugsource-23.11-26.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"dpdk-devel-23.11-26.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:dpdk-devel-23.11-26.oe2403sp1.aarch64", "name":"dpdk-devel-23.11-26.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"dpdk-tools-23.11-26.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:dpdk-tools-23.11-26.oe2403sp1.aarch64", "name":"dpdk-tools-23.11-26.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"dpdk-23.11-26.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:dpdk-23.11-26.oe2403sp1.src", "name":"dpdk-23.11-26.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"dpdk-23.11-26.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:dpdk-23.11-26.oe2403sp1.x86_64", "name":"dpdk-23.11-26.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"dpdk-debuginfo-23.11-26.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:dpdk-debuginfo-23.11-26.oe2403sp1.x86_64", "name":"dpdk-debuginfo-23.11-26.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"dpdk-debugsource-23.11-26.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:dpdk-debugsource-23.11-26.oe2403sp1.x86_64", "name":"dpdk-debugsource-23.11-26.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"dpdk-devel-23.11-26.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:dpdk-devel-23.11-26.oe2403sp1.x86_64", "name":"dpdk-devel-23.11-26.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"dpdk-tools-23.11-26.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:dpdk-tools-23.11-26.oe2403sp1.x86_64", "name":"dpdk-tools-23.11-26.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-11614", "notes":[ { "text":"An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:dpdk-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-debuginfo-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-debugsource-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-devel-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-tools-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-23.11-26.oe2403sp1.src", "openEuler-24.03-LTS-SP1:dpdk-23.11-26.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:dpdk-debuginfo-23.11-26.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:dpdk-debugsource-23.11-26.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:dpdk-devel-23.11-26.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:dpdk-tools-23.11-26.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:dpdk-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-debuginfo-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-debugsource-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-devel-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-tools-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-23.11-26.oe2403sp1.src", "openEuler-24.03-LTS-SP1:dpdk-23.11-26.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:dpdk-debuginfo-23.11-26.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:dpdk-debugsource-23.11-26.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:dpdk-devel-23.11-26.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:dpdk-tools-23.11-26.oe2403sp1.x86_64" ], "details":"dpdk security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1029" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:dpdk-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-debuginfo-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-debugsource-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-devel-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-tools-23.11-26.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:dpdk-23.11-26.oe2403sp1.src", "openEuler-24.03-LTS-SP1:dpdk-23.11-26.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:dpdk-debuginfo-23.11-26.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:dpdk-debugsource-23.11-26.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:dpdk-devel-23.11-26.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:dpdk-tools-23.11-26.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-11614" } ] }