Backport fix for CVE-2024-11614

Resolves: RHEL-68600 Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
2024-12-16 16:49:41 +00:00 · 2024-12-16 16:49:41 +00:00 · bb6d983cd3
commit bb6d983cd3
parent cd0dfa6c87
2 changed files with 44 additions and 1 deletions
--- a/0001-net-virtio-fix-Rx-checksum-calculation.patch
+++ b/0001-net-virtio-fix-Rx-checksum-calculation.patch
@ -0,0 +1,37 @@
+From 606fd08b1bfce6d81c9532a9ecbbbe88aa266793 Mon Sep 17 00:00:00 2001
+From: Olivier Matz <olivier.matz@6wind.com>
+Date: Thu, 28 Nov 2024 12:09:56 +0100
+Subject: [PATCH] net/virtio: fix Rx checksum calculation
+
+If hdr->csum_start is larger than packet length, the len argument passed
+to rte_raw_cksum_mbuf() overflows and causes a segmentation fault.
+
+Ignore checksum computation in this case.
+
+CVE-2024-11614
+
+Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path")
+Signed-off-by: Maxime Gouin <maxime.gouin@6wind.com>
+Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
+Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
+---
+ lib/vhost/virtio_net.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
+index 6d53ff932d..e42aabf126 100644
+--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
+@@ -2831,6 +2831,9 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr,
+ 			 */
+ 			uint16_t csum = 0, off;
+ 
+			if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))
+				return;
+
+ 			if (rte_raw_cksum_mbuf(m, hdr->csum_start,
+ 					rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0)
+ 				return;
+-- 
+2.47.0
+
--- a/dpdk.spec
+++ b/dpdk.spec
@ -9,7 +9,7 @@
 #% define shortcommit0 %(c=%{commit0}; echo ${c:0:7})

 %define ver 23.11
-%define rel 1
+%define rel 2

 %define srcname dpdk%(awk -F. '{ if (NF > 2) print "-stable" }' <<<%{version})

@ -31,6 +31,9 @@ Source: https://fast.dpdk.org/rel/dpdk-%{ver}.tar.xz
 # Only needed for creating snapshot tarballs, not used in build itself
 Source100: dpdk-snapshot.sh

+# CVE-2024-11614
+Patch1: 0001-net-virtio-fix-Rx-checksum-calculation.patch
+
 Summary: Set of libraries and drivers for fast packet processing

 #
@ -285,6 +288,9 @@ find %{buildroot}%{_datadir}/man/ -type f -a ! -iname "*rte_*" -exec rm {} \;
 %endif

 %changelog
+* Tue Dec 17 2024 Kevin Traynor <ktraynor@redhat.com> - 23.11-2
+- Backport fixes for CVE-2024-11614 (RHEL-68600)
+
 * Fri Dec 15 2023 David Marchand <david.marchand@redhat.com> - 23.11-1
 - Rebase to 23.11 (RHEL-19584)