CVE-2022-28199 – dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service

https://notcve.org/view.php?id=CVE-2022-28199

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. La distribución de NVIDIA del kit de desarrollo del plano de datos (MLNX_DPDK) contiene una vulnerabilidad en la pila de red, donde la recuperación de errores no es manejada apropiadamente, lo que puede permitir a un atacante remoto causar una denegación de servicio y algún impacto en la integridad y confidencialidad de los datos A vulnerability was found in the DPDK package. Affected versions of this package are vulnerable to denial of service (DoS) attacks, affecting system availability. • http://www.openwall.com/lists/oss-security/2022/09/06/2 https://nvidia.custhelp.com/app/answers/detail/a_id/5389 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlx5-jbPCrqD8 https://access.redhat.com/security/cve/CVE-2022-28199 https://bugzilla.redhat.com/show_bug.cgi?id=2123549 • CWE-20: Improper Input Validation CWE-393: Return of Wrong Status Code CWE-1284: Improper Validation of Specified Quantity in Input •