Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvidiaNvidiaNVIDIA:5389
HistoryAug 29, 2022 - 12:00 a.m.

Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) - August 2022

2022-08-2900:00:00
nvidia.custhelp.com
11

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

55.7%

JSON

NVIDIA has released a software update for MLNX_DPDK to address a security issue that may lead to denial of service, and some impact to data integrity and confidentiality.

To protect your system, contact your NVIDIA representative to obtain the MLNX_DPDK version that contains the update and install it.

Go to NVIDIA Product Security.

Details

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWEβ„’, and base scores and vectors use CVSS v3.1 standards.

CVE ID Description Base Score Vector
CVE‑2022‑28199 NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

Security Updates

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

CVE IDs Addressed Software Product Operating System Affected Versions Updated Version
CVE‑2022‑28199 MLNX_DPDK Linux,Windows mlnx_dpdk_19.11_1.. through mlnx_dpdk_20.11_1.0.0-4.. mlnx_dpdk_20.11_5.0.0
CPENameOperatorVersion
mlnx_dpdklt20.11_5.0.0

Related

redhat 7
paloalto 1
prion 1
nessus 18
veracode 1
cisco 1
ubuntucve 1
debiancve 1
redhatcve 1
cve 1
openvas 10
suse 2
debian 1
osv 3
oraclelinux 1
rocky 1
almalinux 1
thn 1
oracle 1
redhat
redhat
(RHSA-2022:6502) Moderate: openvswitch2.13 security update
2022-09-13 18:09:30
(RHSA-2022:6503) Moderate: openvswitch2.17 security update
2022-09-13 18:09:44
(RHSA-2022:6506) Moderate: openvswitch2.16 security update
2022-09-13 18:11:07
paloalto
paloalto
Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199
2022-09-14 16:00:00
prion
prion
Design/Logic Flaw
2022-09-01 17:15:00
nessus
nessus
RHEL 8 : openvswitch2.15 (RHSA-2022:6505)
2022-09-13 00:00:00
RHEL 8 : openvswitch2.17 (RHSA-2022:6504)
2022-09-13 00:00:00
RHEL 9 : openvswitch2.17 (RHSA-2022:6503)
2022-09-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-09-16 19:38:47
cisco
cisco
Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products: August 2022
2022-09-07 16:00:00
ubuntucve
ubuntucve
CVE-2022-28199
2022-09-01 00:00:00
debiancve
debiancve
CVE-2022-28199
2022-09-01 17:15:00
redhatcve
redhatcve
CVE-2022-28199
2022-09-02 00:27:18
cve
cve
CVE-2022-28199
2022-09-01 17:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for dpdk (EulerOS-SA-2022-2818)
2022-12-22 00:00:00
Huawei EulerOS: Security Advisory for dpdk (EulerOS-SA-2022-2761)
2022-11-14 00:00:00
openSUSE: Security Advisory for dpdk (SUSE-SU-2022:3341-1)
2022-09-24 00:00:00
suse
suse
Security update for dpdk (important)
2022-09-26 00:00:00
Security update for dpdk (important)
2022-09-23 00:00:00
debian
debian
[SECURITY] [DSA 5222-1] dpdk security update
2022-08-30 18:48:08
osv
osv
dpdk - security update
2022-08-30 00:00:00
Important: dpdk security and bug fix update
2022-11-15 06:19:47
Important: dpdk security and bug fix update
2022-11-15 00:00:00
oraclelinux
oraclelinux
dpdk security and bug fix update
2022-11-22 00:00:00
rocky
rocky
dpdk security and bug fix update
2022-11-15 06:19:47
almalinux
almalinux
Important: dpdk security and bug fix update
2022-11-15 00:00:00
thn
thn
Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products
2022-09-08 03:48:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

55.7%

JSON
Related for NVIDIA:5389
redhat7paloalto1prion1nessus18veracode1cisco1ubuntucve1debiancve1redhatcve1cve1openvas10suse2debian1osv3oraclelinux1rocky1almalinux1thn1oracle1