diff --git a/0001-net-virtio-fix-Rx-checksum-calculation.patch b/0001-net-virtio-fix-Rx-checksum-calculation.patch new file mode 100644 index 0000000..88c61d7 --- /dev/null +++ b/0001-net-virtio-fix-Rx-checksum-calculation.patch @@ -0,0 +1,37 @@ +From 606fd08b1bfce6d81c9532a9ecbbbe88aa266793 Mon Sep 17 00:00:00 2001 +From: Olivier Matz +Date: Thu, 28 Nov 2024 12:09:56 +0100 +Subject: [PATCH] net/virtio: fix Rx checksum calculation + +If hdr->csum_start is larger than packet length, the len argument passed +to rte_raw_cksum_mbuf() overflows and causes a segmentation fault. + +Ignore checksum computation in this case. + +CVE-2024-11614 + +Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path") +Signed-off-by: Maxime Gouin +Signed-off-by: Olivier Matz +Reviewed-by: Maxime Coquelin +--- + lib/vhost/virtio_net.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c +index 6d53ff932d..e42aabf126 100644 +--- a/lib/vhost/virtio_net.c ++++ b/lib/vhost/virtio_net.c +@@ -2831,6 +2831,9 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr, + */ + uint16_t csum = 0, off; + ++ if (hdr->csum_start >= rte_pktmbuf_pkt_len(m)) ++ return; ++ + if (rte_raw_cksum_mbuf(m, hdr->csum_start, + rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0) + return; +-- +2.47.0 + diff --git a/dpdk.spec b/dpdk.spec index 28f2afc..ee9707b 100644 --- a/dpdk.spec +++ b/dpdk.spec @@ -9,7 +9,7 @@ #% define shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %define ver 23.11 -%define rel 1 +%define rel 2 %define srcname dpdk%(awk -F. '{ if (NF > 2) print "-stable" }' <<<%{version}) @@ -31,6 +31,9 @@ Source: https://fast.dpdk.org/rel/dpdk-%{ver}.tar.xz # Only needed for creating snapshot tarballs, not used in build itself Source100: dpdk-snapshot.sh +# CVE-2024-11614 +Patch1: 0001-net-virtio-fix-Rx-checksum-calculation.patch + Summary: Set of libraries and drivers for fast packet processing # @@ -285,6 +288,9 @@ find %{buildroot}%{_datadir}/man/ -type f -a ! -iname "*rte_*" -exec rm {} \; %endif %changelog +* Tue Dec 17 2024 Kevin Traynor - 23.11-2 +- Backport fixes for CVE-2024-11614 (RHEL-68600) + * Fri Dec 15 2023 David Marchand - 23.11-1 - Rebase to 23.11 (RHEL-19584)