CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
78.7%
This update of dpdk to version 18.11.3 provides the following fixes :
dpdk was updated to 18.11.3 (fate#327817, bsc#1145713, jsc#ECO-274, fate#325916, fate#325951 fate#326025, fate#326992, bsc#1134968, jsc#SLE-4715)
Security issue fixed :
CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicius container may lead to to denial of service (bsc#1156146).
Other issues addressed: Fixed a regression by inserting version numbers to the drivers (bsc#1157179).
Changed to multibuild (bsc#1151455).
Added support for using externally allocated memory in DPDK.
Added check for ensuring allocated memory is addressable by devices.
Updated the C11 memory model version of the ring library.
Added NXP CAAM JR PMD.
Added support for GEN3 devices to Intel QAT driver.
Added Distributed Software Eventdev PMD.
Updated KNI kernel module, rte_kni library, and KNI sample application.
Add a new sample application for vDPA.
Updated mlx5 driver.
Improved security of PMD to prevent the NIC from getting stuck when the application misbehaves.
Reworked flow engine to supported e-switch flow rules (transfer attribute).
Added support for header re-write(L2-L4), VXLAN encap/decap, count, match on TCP flags and multiple flow groups with e-switch flow rules.
Added support for match on metadata, VXLAN and MPLS encap/decap with flow rules.
Added support for RTE_ETH_DEV_CLOSE_REMOVE flag to provide better support for representors.
Added support for meson build.
Fixed build issue with PPC.
Added support for BlueField VF.
Added support for externally allocated static memory for DMA.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:3179-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(131752);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/05");
script_cve_id("CVE-2019-14818");
script_name(english:"SUSE SLES15 Security Update : dpdk (SUSE-SU-2019:3179-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update of dpdk to version 18.11.3 provides the following fixes :
dpdk was updated to 18.11.3 (fate#327817, bsc#1145713, jsc#ECO-274,
fate#325916, fate#325951 fate#326025, fate#326992, bsc#1134968,
jsc#SLE-4715)
Security issue fixed :
CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicius
container may lead to to denial of service (bsc#1156146).
Other issues addressed: Fixed a regression by inserting version
numbers to the drivers (bsc#1157179).
Changed to multibuild (bsc#1151455).
Added support for using externally allocated memory in DPDK.
Added check for ensuring allocated memory is addressable by devices.
Updated the C11 memory model version of the ring library.
Added NXP CAAM JR PMD.
Added support for GEN3 devices to Intel QAT driver.
Added Distributed Software Eventdev PMD.
Updated KNI kernel module, rte_kni library, and KNI sample
application.
Add a new sample application for vDPA.
Updated mlx5 driver.
- Improved security of PMD to prevent the NIC from getting
stuck when the application misbehaves.
- Reworked flow engine to supported e-switch flow rules
(transfer attribute).
- Added support for header re-write(L2-L4), VXLAN
encap/decap, count, match on TCP flags and multiple flow
groups with e-switch flow rules.
- Added support for match on metadata, VXLAN and MPLS
encap/decap with flow rules.
- Added support for RTE_ETH_DEV_CLOSE_REMOVE flag to
provide better support for representors.
- Added support for meson build.
- Fixed build issue with PPC.
- Added support for BlueField VF.
- Added support for externally allocated static memory for
DMA.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134968");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1145713");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1151455");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1156146");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1157179");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-14818/");
# https://www.suse.com/support/update/announcement/2019/suse-su-20193179-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b6f99433");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Module for Server Applications 15:zypper in -t
patch SUSE-SLE-Module-Server-Applications-15-2019-3179=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14818");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/14");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-kmp-default-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdpdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdpdk-18_11-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES15", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"dpdk-18.11.3-3.16.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"dpdk-debuginfo-18.11.3-3.16.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"dpdk-debugsource-18.11.3-3.16.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"dpdk-devel-18.11.3-3.16.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"dpdk-devel-debuginfo-18.11.3-3.16.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"dpdk-kmp-default-18.11.3_k4.12.14_150.41-3.16.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_150.41-3.16.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"dpdk-tools-18.11.3-3.16.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"dpdk-tools-debuginfo-18.11.3-3.16.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libdpdk-18_11-18.11.3-3.16.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libdpdk-18_11-debuginfo-18.11.3-3.16.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dpdk");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14818
www.nessus.org/u?b6f99433
bugzilla.suse.com/show_bug.cgi?id=1134968
bugzilla.suse.com/show_bug.cgi?id=1145713
bugzilla.suse.com/show_bug.cgi?id=1151455
bugzilla.suse.com/show_bug.cgi?id=1156146
bugzilla.suse.com/show_bug.cgi?id=1157179
www.suse.com/security/cve/CVE-2019-14818/
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
78.7%