How to Fix CVE-2022-28199- Vulnerability in NVIDIA Data Plane Development Kit

The network appliances manufacturer giant Cisco published an advisory on 7th September 2022 following NVEDIA’s advisory published on 29th August, in which Cisco detailed a vulnerability in NVIDIA Data Plane Development Kit (MLNX_DPDK). The vulnerability tracked as CVE-2022-28199 is a High severity vulnerability with a CVSS score of 8.6 out of 10. The vulnerability is actually lice in the NVIDIA Data Plane Development Kit that could allow a remote attacker to cause a denial of service and some impact to data integrity and confidentiality issues on Cisco products on which the kit is being used in their interface. Since this flaw allows the attacker to impact to data integrity and confidentiality issues on the affected system, it is most important to fix the CVE-2022-28199 vulnerability. Let’s see how to fix CVE-2022-28199, a Denial of Service Vulnerability in NVIDIA Data Plane Development Kit, in this post.

A Short Note About NVIDIA Data Plane Development Kit:

Before we go ahead learning about the new Denial of Service Vulnerability in the NVIDIA Data Plane Development Kit, let’s see a short note about it. The NVIDIA Data Plane Development Kit (DPDK) is a set of development tools for creating high-performance, scalable networking applications. It includes a wide range of features that allow developers to create powerful and efficient applications easily.

The DPDK is composed of several software components, each providing different functionality. The core component is the Poll-Mode Driver (PMD), a userspace driver that allows fast packet processing without requiring kernel support. In addition, the DPDK includes a set of libraries for common networking tasks such as packet parsing, classification, and management.

The DPDK is highly portable and can be used on various architectures, including x86, ARM, and PowerPC. It is also supported by a wide range of operating systems, including Linux, FreeBSD, NetBSD, and Windows.

The NVIDIA DPDK is open source and available under the permissive BSD license. This allows developers to create closed-source applications without needing to open source their code. The DPDK has been used to create a number of high-performance applications, including:

A 10 Gb/s network appliance

* A software router

* A load balancer

* A web proxy server

If you are looking for a way to improve the performance of your networking applications, the DPDK is definitely worth considering.

Summary of The CVE-2022-28199

This is a high severity vulnerability in the network stack of NVIDIA Data Plane Development Kit (MLNX_DPDK), a set of development tools for creating high-performance, scalable networking applications on various architectures, including x86, ARM, and PowerPC. The flaw is due to improper error recovery handling in the network stack of MLNX_DPDK. This vulnerability could allow attackers to cause a denial of service and impact to data integrity and confidentiality issues on Cisco products on which the kit is being used in their interface.

“NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.”
-NVIDIA

Associated CVE ID CVE-2022-28199
Description Vulnerability in NVIDIA Data Plane Development Kit
Associated ZDI ID
CVSS Score 8.6 High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Impact Score
Exploitability Score
Attack Vector (AV) Network
Attack Complexity (AC) Low
Privilege Required (PR) None
User Interaction (UI) None
Scope Changed
Confidentiality (C) None
Integrity (I) None
availability (a) High

Cisco Products Vulnerable to CVE-2022-28199

Cisco advisory says that this Denial of Service Vulnerability affects the following Cisco products if they are running a vulnerable version of NVIDIA Data Plane Development Kit (MLNX_DPDK) on them.

NVIDIA Data Plane Development Kit Version Affected: mlnx_dpdk_19.11_1.*.* through mlnx_dpdk_20.11_1.0.0-4.*.*

How to Fix CVE-2022-28199- Vulnerability in NVIDIA Data Plane Development Kit

How to Check Your Cisco Product is Affected By CVE-2022-28199?

The best way to determine that your product is affected or compromised is to check the interface of the devices, which has no traffic with increased rx_errors. If you see this example interface GigabitEthernet2 is considered compromised as it has more rx_errors.

If an error condition is observed on the device interface, the device may either reload or fail to receive traffic, resulting in a denial of service (DoS) condition.
-CISCO

cat8kv#show control | include ^GigabitEthernet.*|rx_errors 
GigabitEthernet1 - Gi1 is mapped to UIO on VXE
  rx_errors 0
GigabitEthernet2 - Gi2 is mapped to UIO on VXE
  rx_errors 20
GigabitEthernet3 - Gi3 is mapped to UIO on VXE
  rx_errors 0
cat8kv#

How to Fix CVE-2022-28199- Vulnerability in NVIDIA Data Plane Development Kit?

NVIDIA has addressed this CVE-2022-28199 issue by releasing software updates for NVIDIA Data Plane Development Kit. We recommend contacting NVEDIA support to get the fixed version of the software:  mlnx_dpdk_20.11_5.0.0.

There is no workaround to fix the CVE-2022-28199 issue. You will have to upgrade the new fixed release of the development kit. However, if your device is compromised and has reached DoS condition, there is a way to recover your Cisco device. You can just restart the interface would work in recovering the interface, and you found it in function in a few seconds. You can use shutdown, and no shutdown commands to restart the interface. Please see the procedure in detail below.

cat8kv#show control | include ^GigabitEthernet.*|rx_errors 
GigabitEthernet1 - Gi1 is mapped to UIO on VXE
  rx_errors 0
GigabitEthernet2 - Gi2 is mapped to UIO on VXE
  rx_errors 20]
GigabitEthernet3 - Gi3 is mapped to UIO on VXE
  rx_errors 0
cat8kv#
cat8kv#configure terminal
cat8kv(config)#interface GigabitEthernet2
cat8kv(config-if)#shut
cat8kv(config-if)#no shut
cat8kv(config-if)#end
cat8kv#

Cisco Products Not Affected By CVE-2022-28199

Cisco has shared a list of its products that are safe and not affected by the CVE-2021-28199 flaw. Administrators can ignore actioning on these models.

  • Cloud Services Router 1000V Series 
  • IOS Software
  • IOS XE Software (other than Cisco Catalyst 8000V Edge Software)
  • IOS XR Software
  • NX-OS Software

We hope this post will help you know how to fix CVE-2022-28199, a vulnerability in NVIDIA Data Plane Development Kit. Please share this post if you find this interested. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/290086.html

(0)
上一篇 2022年11月16日
下一篇 2022年11月16日

相关推荐

发表回复

登录后才能评论